Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Canvas of Kings_N6xC-S2.exe

Overview

General Information

Sample name:Canvas of Kings_N6xC-S2.exe
Analysis ID:1580374
MD5:af45bc08a07f1ba16abe59f29072ebcc
SHA1:66edea40ba7b38a45bd856e6889bba12384c458f
SHA256:e555c06879ed4eda6277e1fa8a4985590e70d8fa81421103048803e386daaf28
Tags:exeuser-zach
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:49
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Modifies the windows firewall
Possible COM Object hijacking
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

Process Tree

  • System is w10x64
  • Canvas of Kings_N6xC-S2.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: AF45BC08A07F1BA16ABE59F29072EBCC)
    • Canvas of Kings_N6xC-S2.tmp (PID: 7372 cmdline: "C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: 49312C19FA9B298CA2AE71E14F07CCF3)
      • saBSI.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
        • installer.exe (PID: 1448 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 7DD0FAA9C00391333B2A12D21CA028BF)
          • installer.exe (PID: 2476 cmdline: "C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 9B6FDFBC11B51E810F01598730A002F4)
      • avg_antivirus_free_setup.exe (PID: 7984 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 8100 cmdline: "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de MD5: 6EBB043BC04784DBC6DF3F4C52391CD0)
          • icarus.exe (PID: 2112 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 2076 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 2936 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av MD5: A1FFFE3E9589CCFE629EB653F704A659)
      • norton_secure_browser_setup.exe (PID: 8052 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 1516 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 7276 cmdline: "C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5548 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5088 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 560 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0Y4RUZEMTIxLTMxNTctNDk4Ri04Q0I3LTY0NDBDOTNBRkQ1RH0iIHVzZXJpZD0ie0EzQTlGMDhDLUFENjQtNDlEQS05OTk2LTA4MjhDNzdBQkQ0M30iIHVzZXJpZF9kYXRlPSIyMDI0MTIyNCIgbWFjaGluZWlkPSJ7MDAwMEVCRjAtNUI1QS00OTMxLTkzMTMtMjJGQTNEQjA4MkU1fSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjI0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4QzA5MDM0LUU1RkUtNEQ5RC05Njc2LTdDRDE2NzczRTc5NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTkyMSIvPjwvYXBwPjwvcmVxdWVzdD4 MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 6256 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • netsh.exe (PID: 8164 cmdline: "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • qbittorrent.exe (PID: 3584 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77 MD5: 22A34900ADA67EAD7E634EB693BD3095)
      • WerFault.exe (PID: 4476 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 1596 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3652 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2708 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 6360 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 3272 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • NortonBrowserUpdate.exe (PID: 5444 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 7632 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserCrashHandler.exe (PID: 5288 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe" MD5: 1694092D5DE0E0DAEF4C5EA13EA84CAB)
    • NortonBrowserCrashHandler64.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe" MD5: 09621280025727AB4CB39BD6F6B2C69E)
  • NortonBrowserUpdate.exe (PID: 7612 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 6128 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 3352 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 7716 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 6524 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • servicehost.exe (PID: 8044 cmdline: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" MD5: F7C7039D19E16D05B6194D74E128DFE4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\GUT7C55.tmpPlugXStringsPlugX Identifying StringsSeth Hardy
  • 0x1f88a8:$Dwork: D:\work
  • 0x1fac58:$Dwork: D:\work
  • 0x1faedc:$Dwork: D:\work
  • 0x2019f8:$Dwork: D:\work
  • 0x201ba0:$Dwork: D:\work
  • 0x201d08:$Dwork: D:\work
  • 0x201de0:$Dwork: D:\work
  • 0x202040:$Dwork: D:\work
  • 0x202160:$Dwork: D:\work
  • 0x202280:$Dwork: D:\work
  • 0x202330:$Dwork: D:\work
  • 0x2db910:$Dwork: D:\work
  • 0x2dba38:$Dwork: D:\work
  • 0x2dbba0:$Dwork: D:\work
  • 0x2dbd88:$Dwork: D:\work
  • 0x2dbe78:$Dwork: D:\work
  • 0x2dbff8:$Dwork: D:\work
  • 0x2dc118:$Dwork: D:\work
  • 0x2dc1c8:$Dwork: D:\work
  • 0x4ed054:$Dwork: D:\work
  • 0x4ed0b0:$Dwork: D:\work

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516PlugXStringsPlugX Identifying StringsSeth Hardy
  • 0x1dfc9:$Dwork: D:\work
  • 0x234dc:$Dwork: D:\work
  • 0x2362a:$Dwork: D:\work
  • 0x23781:$Dwork: D:\work
  • 0x2384f:$Dwork: D:\work
  • 0x23c1c:$Dwork: D:\work
  • 0x23d66:$Dwork: D:\work
  • 0x23eba:$Dwork: D:\work
  • 0x23f85:$Dwork: D:\work
  • 0x241b2:$Dwork: D:\work
  • 0x242d9:$Dwork: D:\work
  • 0x243dd:$Dwork: D:\work
  • 0x244f5:$Dwork: D:\work
  • 0x2459f:$Dwork: D:\work
  • 0x24675:$Dwork: D:\work
  • 0x2478a:$Dwork: D:\work
  • 0x24832:$Dwork: D:\work
  • 0x37dd6:$Dwork: D:\work
  • 0x3a645:$Dwork: D:\work
  • 0x3d46a:$Dwork: D:\work
  • 0x3d527:$Dwork: D:\work
Process Memory Space: NortonBrowserUpdate.exe PID: 7276PlugXStringsPlugX Identifying StringsSeth Hardy
  • 0xa9aae:$Dwork: D:\work
  • 0xd785a:$Dwork: D:\work
  • 0xd8457:$Dwork: D:\work
  • 0x10286a:$Dwork: D:\work
  • 0x10e1a7:$Dwork: D:\work
  • 0x10e2fe:$Dwork: D:\work
  • 0x10e3d2:$Dwork: D:\work
  • 0x10e526:$Dwork: D:\work
  • 0x10e6cd:$Dwork: D:\work
  • 0x10e7b7:$Dwork: D:\work
  • 0x10e9a5:$Dwork: D:\work
  • 0x10ea8b:$Dwork: D:\work
  • 0x10ebe9:$Dwork: D:\work
  • 0x10ed01:$Dwork: D:\work
  • 0x10edab:$Dwork: D:\work
  • 0x10ee38:$Dwork: D:\work
  • 0x10ef4d:$Dwork: D:\work
  • 0x10eff5:$Dwork: D:\work
  • 0x11abfa:$Dwork: D:\work
  • 0x11af3c:$Dwork: D:\work
  • 0x11b056:$Dwork: D:\work

Sigma Signatures

System Summary

barindex
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3652, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: Canvas of Kings_N6xC-S2.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: Canvas of Kings_N6xC-S2.exeReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,5_2_006E14F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_006E17A0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00695870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00695870
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00696220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00696220
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CE610 CryptMsgClose,5_2_006CE610
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006967B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_006967B0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CEB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_006CEB60
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CF150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,5_2_006CF150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CF3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,5_2_006CF3C0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BB0E0 CryptDestroyHash,CryptDestroyHash,6_2_005BB0E0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9250 CryptGenRandom,GetLastError,__CxxThrowException@8,6_2_005B9250
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B82F0 CryptDestroyHash,6_2_005B82F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,6_2_005B9450
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,6_2_005B8DC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_005B9020
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8260 CryptDestroyHash,6_2_005B8260
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_005B9340
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B94D0 CryptHashData,GetLastError,__CxxThrowException@8,6_2_005B94D0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005D2660 CryptReleaseContext,6_2_005D2660
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8EF0 CryptReleaseContext,6_2_005B8EF0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004909E0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_004909E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045DF30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_0045DF30
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_315e15f9-1

Compliance

barindex
Uses 32bit PE files
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Creates a directory in C:\Program Files
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\asw617d7505b8724106.tmp
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\HTMLayout.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvLaunch.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGUI.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\jsbridge.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libssl-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\protobuf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswavdetection.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswcomm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswdetallocator.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswntsqlite.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswpsic.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswremoval.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswsecapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswwinamapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvBugReport.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SetupInf.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\overseer.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswVmm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_100_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_200_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\resources.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\icudtl.dat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\am.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ar.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bg.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-TW.txt
PE / OLE file has a valid certificate
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002536000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040CF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480605860.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000036CC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002BB3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000000.2462770736.0000000000DA1000.00000020.00000001.01000000.0000001C.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000245E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475511064.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002586000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484926082.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002508000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479660943.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FB2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2473505719.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004187000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489768595.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FA6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003416000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472885934.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003726000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003E9D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdb source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000033DD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471408789.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000252A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480379493.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003494000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004024000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476310538.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000417B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489515446.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025A8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004141000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486501184.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.3586736349.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2319667381.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498119970.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000033C2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470936803.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025CA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488891232.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023F6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472315049.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002513000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479920316.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002C73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004030000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476513644.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000344F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475014896.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001E46000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000000.2427940153.0000000000668000.00000002.00000001.01000000.0000001B.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3591087477.0000000000668000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002564000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483028940.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000403C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476727137.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004053000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477122150.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498119970.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3585729673.00000000004BE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002626000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497568878.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004158000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488002623.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034D9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477742749.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000256F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004108000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483548739.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002DDC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003919000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501313824.0000000000805000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501008100.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041A9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002610000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2491543193.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F78000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471641190.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004081000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478372251.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000414D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2487001973.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdbw source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000243B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FD4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474683028.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000405E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477390906.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000257B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484249267.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004192000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025F9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490167835.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004019000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003489000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476107219.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023EA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F84000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472081062.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002541000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480836801.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004096000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479367721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000345B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475185895.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002604000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490562457.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004075000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478053523.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025D6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000416F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489266499.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000254D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481125471.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002474000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000400D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475894425.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002558000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481670080.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3591325154.00000000005D0000.00000002.00000001.00040000.0000003E.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474495271.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004002000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475699721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002592000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000412B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2485820570.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000251E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480145584.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004047000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476926621.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000342D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FBD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474067452.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002402000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F9B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472595155.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023C9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F62000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471178338.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004136000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000259D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486154173.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000261B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497045428.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000408B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479090655.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499346239.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00456F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00456F60
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0044E180
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00454590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00454590
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00480AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00480AC0
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Joe Sandbox ViewIP Address: 52.168.117.173 52.168.117.173
Source: Joe Sandbox ViewIP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox ViewIP Address: 1.1.1.1 1.1.1.1
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eaddons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c03e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e27:b1NIC CA 2011NIC CA 201401:31:69:b007:27:10:0301:31:34:bfDigiNotar PKIoverheid CA Overheid en Bedrijven07:27:10:0d46:9c:2c:b007:27:0f:f9DigiNotar Cyber CA46:9c:2c:afDigiNotar Public CA 202507:27:14:a946:9c:3c:c9d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G21e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CA41UTN-USERFirst-Hardware08:27MD5 Collisions Inc. (http://www.phreedom.org/md5)4c:0e:63:6aDigisign Server ID (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)27:83AC DG Tr equals www.yahoo.com (Yahoo)
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://bugreports.qt.io/1_q_preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990854934.0000000004E0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498022745.0000000000813000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrust
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498022745.0000000000813000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrust#W
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498067549.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498652844.0000000000805000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTruste
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498067549.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrusteularequiredma
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx=
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxL
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2420854000.0000000003F1E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2581090138.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2696131938.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726326128.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2497037482.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2759121663.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990854934.0000000004E0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2484249267.0000000000817000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enuC
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647ACD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3586736349.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2319667381.00000000005D3000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: norton_secure_browser_setup.exe, 00000007.00000000.2351083080.000000000040A000.00000008.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3397679054.0000000004FA2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337084765.0000000004FA2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990854934.0000000004E0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/.
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgiu
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/r
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgil
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.00000000022A6000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.00000000075B6000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.000000000550B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2981103710.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect/-s1
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: qbittorrent.exe, 0000000B.00000003.3027292090.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Microsoft
Source: saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3394360271.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.phreedom.org/md5)4c:0e:63:6aDigisign
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-on
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/details/avg-online-security
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record(
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record1
Source: saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordTr
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorderM
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordl)C
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordITION
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.comse
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002B88000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3377192389.0000000002B6B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2381888143.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424916875.0000000002BCC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486418120.0000000002BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25?-
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.qa.apis.mcafee.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.0000000000970000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf&
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.0000000000972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf22
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdfk
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxdelaytimeout-elapsedterminatecontinueargumentsshow-wi
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3398440556.00000000035E5000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005521000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005521000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
Source: saBSI.exe, 00000005.00000003.3389454284.00000000028F2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007490000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3398440556.00000000035BA000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setu6
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.0000000000976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip=
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipD
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipJ
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipK
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002584000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipu
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png?
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png~
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002548000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR_A
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR_AJ
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.png
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007496000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/o
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000025EA000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3398440556.00000000035FE000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E97000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3401628524.0000000004EB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd.tmp
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647AD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula9
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2696131938.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726326128.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2759121663.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2696131938.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726326128.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2759121663.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/K
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2696131938.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726326128.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2759121663.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/S
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2581090138.0000000002BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/Y
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzma#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005533000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980549975.0000000005544000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/s
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005539000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2981103710.00000000054F4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2981103710.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeO
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b56c3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/48c1/d01f/6234/48c1d01f6234e7c129b31a0c2388de0f102f718721fedf18edb
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002BCC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3378161000.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002BCC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3378161000.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/aa90/1643/995c/aa901643995c786c0598ce59c6edc19d0202ef4a3a8a0cb0c1a
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae69fe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b84483c73
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000000.1717252639.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000C.00000003.2413974771.000001E647AD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.co
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policiesh
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.json
Source: saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/#C
Source: saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3394360271.00000000029A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/produc
Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3394360271.00000000029A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002983000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002983000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000005.00000003.2402097240.00000000029A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml.DLL
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002983000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002983000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json6s
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPROCESSX
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRS=2On
Source: saBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3394360271.00000000029A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml0
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryox
Source: saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xmlOC
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 00000005.00000003.3337207939.0000000004DBC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2584630192.0000000004DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tok
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3377363712.0000000002BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2381404487.0000000002B78000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2381510177.0000000002B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net//url
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActiIP8
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActiva#
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420963541.0000000003EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/?_=1735039275531&retry_tracking_count=0&last_request_error_code=0&la
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420963541.0000000003EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/p
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://submit.sb.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2371527456.0000000003EAE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2375053505.0000000003EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: norton_secure_browser_setup.exe, 00000007.00000003.2371527456.0000000003EAE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2375053505.0000000003EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: NortonBrowserUpdate.exe, 0000001F.00000002.2884114001.0000000000A1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy4
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms?
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/e
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000998000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.000000000099B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.0000000000999000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/prVersion
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009BF000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/#Zo
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349477442.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2348673267.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eulacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy1
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349477442.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2348673267.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacyb6ll
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreement
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1724586539.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.000000000755E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html64e35416b1d8ed2635
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlP
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/SOR_A
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html)
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlW
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlu
Source: norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427534051.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.00000000074A1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/leg
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E10000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007496000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement//zbd
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement//zbd=
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/p
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/pr
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.000000000753D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersfQ
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computpE
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacye
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.0000000000996000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1R
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1724586539.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,7_2_00405601
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

barindex
Writes a notice file (html or txt) to demand a ransom
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile dropped: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will notJump to dropped file
Writes many files with high entropy
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0 (copy) entropy: 7.99597518735Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1 (copy) entropy: 7.99668482326Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2 (copy) entropy: 7.99994992874Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip (copy) entropy: 7.99597518735Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip (copy) entropy: 7.99668482326Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip (copy) entropy: 7.99994992874Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe entropy: 7.99064522414Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\88ea02bf-a24e-483a-a5d2-ee7e40595745 entropy: 7.99995124837Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\2818f0bb-a151-4148-beda-cdffb402d60a entropy: 7.99982131586Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\0fe58d1c-de4b-4979-a36c-9383b4628fb8 entropy: 7.99990414125Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\40721289-34e4-4d6e-8c9f-1c894702dfe8 entropy: 7.99866005103Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\setupui.cont entropy: 7.99945456192Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\9ffc6aeb-9106-44bf-ac20-b049e1d1298a entropy: 7.99949886139Jump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\30b2e7f6-7445-4912-981e-11149687fecc entropy: 7.9999260316Jump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exe entropy: 7.9999912886Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\setupui.cont entropy: 7.99945456192Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dll.lzma entropy: 7.99946367131Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99325569022Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dll.lzma entropy: 7.99990334673Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exe.lzma entropy: 7.99325569022Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exe.lzma entropy: 7.99980219406Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma entropy: 7.99945139508Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma entropy: 7.99996225598Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma entropy: 7.99984124576Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma entropy: 7.99987168321Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma entropy: 7.99977021345Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma entropy: 7.99781196203Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma entropy: 7.99958442587Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma entropy: 7.999867387Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma entropy: 7.99982670211Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma entropy: 7.99976885682Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma entropy: 7.99616210321Jump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma entropy: 7.99973839637Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\analyticsmanager.cab entropy: 7.99965056224Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\browserhost.cab entropy: 7.99969064067Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\browserplugin.cab entropy: 7.9992046707Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\logicmodule.cab entropy: 7.99971035479Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\mfw-webadvisor.cab entropy: 7.99497056268Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\mfw.cab entropy: 7.99645912817Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\servicehost.cab entropy: 7.99845734638Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\settingmanager.cab entropy: 7.99959252091Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\taskmanager.cab entropy: 7.99988705726Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\uihost.cab entropy: 7.99874187266Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\uimanager.cab entropy: 7.99966733883Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\uninstaller.cab entropy: 7.99958655854Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\updater.cab entropy: 7.99956639709Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\wssdep.cab entropy: 7.99928309708Jump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi entropy: 7.99707344308Jump to dropped file

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7276, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Program Files (x86)\GUT7C55.tmp, type: DROPPEDMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042C610 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_0042C610
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042FDD0 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,8_2_0042FDD0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042C6D0 NtQueryInformationProcess,8_2_0042C6D0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00696220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00696220
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042D9B0 DuplicateTokenEx,SetTokenInformation,SetTokenInformation,GetLastError,CreateProcessAsUserW,GetLastError,CloseHandle,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,8_2_0042D9B0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5ca400.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA5B6.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5ca403.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5ca403.msi
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Windows\system32\icarus_rvrt.exe
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\5ca403.msi
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9AC55_3_04DC9AC5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC9BA55_3_04DC9BA5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCE1795_3_04DCE179
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC84755_3_04DC8475
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCAE095_3_04DCAE09
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00694F505_2_00694F50
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00698FB05_2_00698FB0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006970D95_2_006970D9
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0069F1105_2_0069F110
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006B73B05_2_006B73B0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CD5405_2_006CD540
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D18405_2_006D1840
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006B3AC05_2_006B3AC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CFFE05_2_006CFFE0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C81905_2_006C8190
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D83A05_2_006D83A0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CA5405_2_006CA540
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E06605_2_006E0660
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0067A6105_2_0067A610
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007186095_2_00718609
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D47C05_2_006D47C0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007268E05_2_007268E0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D28A05_2_006D28A0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007009195_2_00700919
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007209925_2_00720992
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00720AB25_2_00720AB2
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00700B4B5_2_00700B4B
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00672B005_2_00672B00
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D6D435_2_006D6D43
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006FADD05_2_006FADD0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00700DB05_2_00700DB0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A8EA05_2_006A8EA0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0067CF405_2_0067CF40
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CF1505_2_006CF150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006BD2C05_2_006BD2C0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0070B3405_2_0070B340
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0070933A5_2_0070933A
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006754005_2_00675400
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006DB4F05_2_006DB4F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007114AF5_2_007114AF
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D76025_2_006D7602
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0067F8305_2_0067F830
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0071D8E05_2_0071D8E0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0070390B5_2_0070390B
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D3A305_2_006D3A30
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006AFB405_2_006AFB40
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A3C505_2_006A3C50
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0069BCB05_2_0069BCB0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00677D105_2_00677D10
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B52F06_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BBB706_2_005BBB70
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005CC9D06_2_005CC9D0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005D126C6_2_005D126C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BD3406_2_005BD340
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BEDE06_2_005BEDE0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005CCE7E6_2_005CCE7E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C66E46_2_005C66E4
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00406B647_2_00406B64
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0046A1308_2_0046A130
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004902B08_2_004902B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004823208_2_00482320
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004685208_2_00468520
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0046A7E08_2_0046A7E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004869508_2_00486950
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00488DF08_2_00488DF0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0046B4508_2_0046B450
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004797B08_2_004797B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004818608_2_00481860
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0043F9108_2_0043F910
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A79B08_2_004A79B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004EC0408_2_004EC040
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004EA0908_2_004EA090
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004780B08_2_004780B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041E1708_2_0041E170
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004221008_2_00422100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004581208_2_00458120
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0043A1B08_2_0043A1B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A62408_2_004A6240
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040C2608_2_0040C260
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CA2008_2_004CA200
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004E221D8_2_004E221D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045E2A08_2_0045E2A0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D84568_2_004D8456
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004204608_2_00420460
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CC4708_2_004CC470
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F64838_2_004F6483
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_005004A98_2_005004A9
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004225808_2_00422580
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004E25AB8_2_004E25AB
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041C7B08_2_0041C7B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A68108_2_004A6810
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040C8808_2_0040C880
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D69408_2_004D6940
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004429108_2_00442910
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004849C08_2_004849C0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00448B408_2_00448B40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042AB108_2_0042AB10
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041EB308_2_0041EB30
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00422BC08_2_00422BC0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040AC008_2_0040AC00
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00424CB08_2_00424CB0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00472DF08_2_00472DF0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004010008_2_00401000
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041D0008_2_0041D000
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B10908_2_004B1090
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004410B08_2_004410B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004235108_2_00423510
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004215F08_2_004215F0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A96508_2_004A9650
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D16308_2_004D1630
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F57E48_2_004F57E4
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CD8408_2_004CD840
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CF8008_2_004CF800
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0048D9008_2_0048D900
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045B9B08_2_0045B9B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041DB408_2_0041DB40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004C9B408_2_004C9B40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044BCD08_2_0044BCD0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00425CA08_2_00425CA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044FED08_2_0044FED0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004C9EB08_2_004C9EB0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0047BF108_2_0047BF10
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 004281F0 appears 36 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 004B5E80 appears 41 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 00427650 appears 66 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 00418930 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 00681BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 00714231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006B8650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F85BF appears 56 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F9600 appears 61 times
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: Canvas of Kings_N6xC-S2.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: installer.exe.5.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 23003272 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
Source: sciterui.dll.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_ms.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.13.drStatic PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.13.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.13.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ca.dll.14.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: sciterui.dll.7.drStatic PE information: No import functions for PE file found
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000000.1717367430.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.0000000002368000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7276, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUT7C55.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: qbittorrent.exe.1.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal64.rans.spyw.evad.winEXE@74/1362@0/20
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042FF60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,8_2_0042FF60
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00685C1E CoCreateInstance,OleRun,5_2_00685C1E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A5318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,5_2_006A5318
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7372
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeMutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/roaming/qbittorrent/lockfile
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeMutant created: NULL
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpMutant created: \Sessions\1\BaseNamedObjects\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\b5e288bd827120e1f7148c4765db9585
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\995cb1dfdac15cf206bf35d68b1b7b27
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\4eb58381ca84fca415caf4070ffa6c43
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{B5665124-2B19-40e2-A7BC-B44321E72C4B}
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeFile created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /silent6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cookie6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cust_ini6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Enabled6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxyType6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Port6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: User6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Password6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Properties6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /smbupd6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: enable6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: count6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: servers6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: urlpgm6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: server06_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: http://6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: https://6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: allow_fallback6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: installer.exe6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: stable6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: %s\%s6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: X>]6_2_005B52F0
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%klekeajafkkpokaofllcadenjdckhinm%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%fheoggkfdfchfphceeifdbepaooicaho%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Canvas of Kings_N6xC-S2.exeReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeFile read: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeProcess created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp "C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0Y4RUZEMTIxLTMxNTctNDk4Ri04Q0I3LTY0NDBDOTNBRkQ1RH0iIHVzZXJpZD0ie0EzQTlGMDhDLUFENjQtNDlEQS05OTk2LTA4MjhDNzdBQkQ0M30iIHVzZXJpZF9kYXRlPSIyMDI0MTIyNCIgbWFjaGluZWlkPSJ7MDAwMEVCRjAtNUI1QS00OTMxLTkzMTMtMjJGQTNEQjA4MkU1fSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjI0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4QzA5MDM0LUU1RkUtNEQ5RC05Njc2LTdDRDE2NzczRTc5NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTkyMSIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp1920010323\installer.exe "C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: unknownProcess created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeProcess created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp "C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNwJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLEJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384deJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"Jump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0Y4RUZEMTIxLTMxNTctNDk4Ri04Q0I3LTY0NDBDOTNBRkQ1RH0iIHVzZXJpZD0ie0EzQTlGMDhDLUFENjQtNDlEQS05OTk2LTA4MjhDNzdBQkQ0M30iIHVzZXJpZF9kYXRlPSIyMDI0MTIyNCIgbWFjaGluZWlkPSJ7MDAwMEVCRjAtNUI1QS00OTMxLTkzMTMtMjJGQTNEQjA4MkU1fSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjI0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4QzA5MDM0LUU1RkUtNEQ5RC05Njc2LTdDRDE2NzczRTc5NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTkyMSIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp1920010323\installer.exe "C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: winhttpcom.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: zipfldr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: version.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: wldp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: profapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: winhttp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: mswsock.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: winnsi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: webio.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: sspicli.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: schannel.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: msasn1.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: gpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32Jump to behavior
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpWindow found: window name: TSelectLanguageFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpAutomated click: Run
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\asw617d7505b8724106.tmp
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\HTMLayout.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvLaunch.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGUI.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\jsbridge.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libssl-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\protobuf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswavdetection.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswcomm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswdetallocator.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswntsqlite.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswpsic.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswremoval.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswsecapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswwinamapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvBugReport.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SetupInf.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\overseer.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswVmm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_100_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_200_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\resources.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\icudtl.dat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\am.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ar.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bg.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: certificate valid
Source: Canvas of Kings_N6xC-S2.exeStatic file information: File size 14472984 > 1048576
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002536000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040CF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480605860.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000036CC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002BB3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000000.2462770736.0000000000DA1000.00000020.00000001.01000000.0000001C.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000245E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475511064.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002586000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484926082.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002508000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479660943.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FB2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2473505719.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004187000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489768595.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FA6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003416000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472885934.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003726000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003E9D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdb source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000033DD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471408789.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000252A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480379493.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003494000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004024000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476310538.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000417B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489515446.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025A8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004141000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486501184.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.3586736349.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2319667381.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498119970.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000033C2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470936803.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025CA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488891232.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023F6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472315049.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002513000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479920316.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002C73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004030000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476513644.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000344F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475014896.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001E46000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000000.2427940153.0000000000668000.00000002.00000001.01000000.0000001B.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3591087477.0000000000668000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002564000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483028940.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000403C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476727137.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004053000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477122150.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498119970.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3585729673.00000000004BE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002626000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497568878.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004158000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488002623.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034D9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477742749.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000256F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004108000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483548739.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002DDC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003919000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501313824.0000000000805000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501008100.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041A9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002610000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2491543193.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F78000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471641190.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004081000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478372251.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000414D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2487001973.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdbw source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000243B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FD4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474683028.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000405E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477390906.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000257B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484249267.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004192000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025F9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490167835.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004019000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003489000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476107219.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023EA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F84000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472081062.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002541000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480836801.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004096000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479367721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000345B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475185895.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002604000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490562457.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004075000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478053523.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025D6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000416F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489266499.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000254D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481125471.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002474000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000400D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475894425.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002558000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481670080.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3591325154.00000000005D0000.00000002.00000001.00040000.0000003E.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474495271.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004002000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475699721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002592000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000412B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2485820570.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000251E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480145584.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004047000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476926621.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000342D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FBD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474067452.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002402000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F9B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472595155.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023C9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F62000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471178338.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004136000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000259D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486154173.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000261B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497045428.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000408B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479090655.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499346239.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_006C2B30
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: section name: .didata
Source: Canvas of Kings_N6xC-S2.tmp.0.drStatic PE information: section name: .didata
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmetad
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmimed
Source: saBSI.exe.1.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.drStatic PE information: section name: .didat
Source: installer.exe.5.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.6.drStatic PE information: section name: .didat
Source: icarus_ui.exe.8.drStatic PE information: section name: _RDATA
Source: dump_process.exe.8.drStatic PE information: section name: .didat
Source: dump_process.exe.8.drStatic PE information: section name: _RDATA
Source: bug_report.exe.8.drStatic PE information: section name: _RDATA
Source: icarus.exe.8.drStatic PE information: section name: .didat
Source: icarus.exe.8.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.13.drStatic PE information: section name: _RDATA
Source: psmachine.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: _RDATA
Source: psuser.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.14.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6

Persistence and Installation Behavior

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_005BA100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004AC0E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_004ABAA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004ABD80
Possible COM Object hijacking
Source: c:\program files\mcafee\webadvisor\x64\wssdep.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{21cbfec0-e728-420c-b4a4-a58ad2089aba}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\psuser.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Users\user\AppData\Local\Temp\mwa67FC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\psmachine_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\sciterui.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\StdUtils.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\thirdparty.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\servicehost.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\acuapi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\inetc.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\AccessControl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\Midex.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsisdl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeFile created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsis.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\resource.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_mod.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_mod.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740caJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-TW.txt

Boot Survival

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_005BA100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004AC0E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_004ABAA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004ABD80
Creates an undocumented autostart registry key
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006B0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,5_2_006B0540
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Checks if the current machine is a virtual machine (disk enumeration)
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA3A770000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA3AA50000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA3AA70000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA3AF70000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA3AFB0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B110000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B250000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B2B0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B2D0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B330000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B390000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1BA4B530000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware ToolsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045E150 rdtsc 8_2_0045E150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\AccessControl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\Midex.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psuser_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsisdl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwa67FC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsis.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\sciterui.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\Temp1920010323\resource.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\thirdparty.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\acuapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_mod.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\inetc.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_5-84206
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7428Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7432Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 8004Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe TID: 8120Thread sleep time: -90000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2256Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 1376Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 6252Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe TID: 1216Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 2640Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 2640Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00456F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00456F60
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0044E180
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00454590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00454590
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00480AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00480AC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E2782 VirtualQuery,GetSystemInfo,5_2_006E2782
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224062016\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_BRW\",\"18\":\"ZB_Norton_BRW\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\":\"2.40.1.8919\",\"15\":0,\"22\":\"Canvas of Kings\",\"10\":2,\"17\":\"3\",\"16\":\"norton\",\"20}Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFI","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFK","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUC","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUI"],"cp":"https://www.avast.com/privacy","ctu":"https://www.avast.com/eula","ov":61,"cbfo":true,"pv":"1.32","v":3}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}3~
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2375933862.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6;/P
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}D
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2379976256.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:}
Source: norton_secure_browser_setup.exe, 00000007.00000003.2390716902.0000000003F14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: NortonBrowserUpdate.exe, 0000001F.00000002.2884114001.0000000000A1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2376585860.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:%%p
Source: qbittorrent.exe, 0000000B.00000000.2407648957.0000000001F11000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@8"_
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2290141005.0000000004E91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saBSI.exe-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.0000000000986000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.0000000000986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.00000000028F2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028F5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424916875.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2425410728.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486418120.0000000002BA4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@j
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BA5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2581090138.0000000002BA5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2695083820.0000000002BA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn7
Source: qbittorrent.exe, 0000000B.00000000.2407648957.0000000001F11000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045E150 rdtsc 8_2_0045E150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007170B4 IsDebuggerPresent,OutputDebugStringW,5_2_007170B4
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00695204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,5_2_00695204
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00727BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C5_2_00727BC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_006C2B30
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0070E8FE mov eax, dword ptr fs:[00000030h]5_2_0070E8FE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717C6A mov eax, dword ptr fs:[00000030h]5_2_00717C6A
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717CF2 mov eax, dword ptr fs:[00000030h]5_2_00717CF2
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717CAE mov eax, dword ptr fs:[00000030h]5_2_00717CAE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717D23 mov eax, dword ptr fs:[00000030h]5_2_00717D23
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C7C5A mov eax, dword ptr fs:[00000030h]6_2_005C7C5A
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F8F06 mov eax, dword ptr fs:[00000030h]8_2_004F8F06
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F8F4A mov eax, dword ptr fs:[00000030h]8_2_004F8F4A
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F35B7 mov ecx, dword ptr fs:[00000030h]8_2_004F35B7
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0068463F GetProcessHeap,5_2_0068463F
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_006F9018
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006F93F2
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006FD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006FD453
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9586 SetUnhandledExceptionFilter,5_2_006F9586
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_005C10FF
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C1292 SetUnhandledExceptionFilter,6_2_005C1292
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_005C13AB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_005C4476
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004DEE56 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_004DEE56
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B5168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_004B5168
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B5C80 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_004B5C80
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNwJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384deJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0Y4RUZEMTIxLTMxNTctNDk4Ri04Q0I3LTY0NDBDOTNBRkQ1RH0iIHVzZXJpZD0ie0EzQTlGMDhDLUFENjQtNDlEQS05OTk2LTA4MjhDNzdBQkQ0M30iIHVzZXJpZF9kYXRlPSIyMDI0MTIyNCIgbWFjaGluZWlkPSJ7MDAwMEVCRjAtNUI1QS00OTMxLTkzMTMtMjJGQTNEQjA4MkU1fSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjI0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4QzA5MDM0LUU1RkUtNEQ5RC05Njc2LTdDRDE2NzczRTc5NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTkyMSIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum7c54.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezu4mzdcmue1lui3mketndu2qs1cmdlgluy2odbfoufcnuuwmn0iihvwzgf0zxj2zxjzaw9upsixljgumty0os41iibzagvsbf92zxjzaw9upsixljgumty0os41iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0ie0y4ruzemtixltmxntctndk4ri04q0i3lty0ndbdotnbrkq1rh0iihvzzxjpzd0ie0ezqtlgmdhdlufenjqtndleqs05otk2lta4mjhdnzdbqkq0m30iihvzzxjpzf9kyxrlpsiymdi0mtiyncigbwfjagluzwlkpsj7mdawmevcrjatnui1qs00otmxltkzmtmtmjjgqtneqja4mku1fsigbwfjagluzwlkx2rhdgu9ijiwmjqxmji0iibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihrlc3rzb3vyy2u9imf1dg8iihjlcxvlc3rpzd0iezk4qza5mdm0luu1rkutneq5rc05njc2ltddrde2nzczrtc5nh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ntgzn0ixqtutqjcyqs00ntzbluiwouytrjy4meu5qui1rtayfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims44lje2ndkunsigbgfuzz0izw4tr0iiigjyyw5kpsiyotizosigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0intkymsivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{f8efd121-3157-498f-8cb7-6440c93afd5d}" /silent
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:c:\windows\temp\asw.bb4a8def2d6384deJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"Jump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum7c54.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezu4mzdcmue1lui3mketndu2qs1cmdlgluy2odbfoufcnuuwmn0iihvwzgf0zxj2zxjzaw9upsixljgumty0os41iibzagvsbf92zxjzaw9upsixljgumty0os41iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0ie0y4ruzemtixltmxntctndk4ri04q0i3lty0ndbdotnbrkq1rh0iihvzzxjpzd0ie0ezqtlgmdhdlufenjqtndleqs05otk2lta4mjhdnzdbqkq0m30iihvzzxjpzf9kyxrlpsiymdi0mtiyncigbwfjagluzwlkpsj7mdawmevcrjatnui1qs00otmxltkzmtmtmjjgqtneqja4mku1fsigbwfjagluzwlkx2rhdgu9ijiwmjqxmji0iibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihrlc3rzb3vyy2u9imf1dg8iihjlcxvlc3rpzd0iezk4qza5mdm0luu1rkutneq5rc05njc2ltddrde2nzczrtc5nh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ntgzn0ixqtutqjcyqs00ntzbluiwouytrjy4meu5qui1rtayfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims44lje2ndkunsigbgfuzz0izw4tr0iiigjyyw5kpsiyotizosigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0intkymsivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{f8efd121-3157-498f-8cb7-6440c93afd5d}" /silent
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00430570 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,CopySid,LocalAlloc,InitializeAcl,AddAce,TreeResetNamedSecurityInfoW,SetLastError,8_2_00430570
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9215 cpuid 5_2_006F9215
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_007145DA
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C952
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C907
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C9ED
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_0071CA80
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0071CCE0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0071CE06
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0071CF0C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0071CFDB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,5_2_006F7E28
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_00713F6D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_004FC039
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_004FC20E
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004F86CD
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,8_2_004F8C33
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_004FB88F
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBB37
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBB82
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBC1D
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\WebAdvisor.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\AVG_AV.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\finish.png VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00714619 GetSystemTimeAsFileTime,5_2_00714619
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BA100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,6_2_005BA100
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Modifies the windows firewall
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
Uses netsh to modify the Windows network and firewall settings
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
1
Software		Acquire Infrastructure1
Valid Accounts		521
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		23
Disable or Modify Tools		1
OS Credential Dumping		1
System Time Discovery		Remote Services11
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network Medium1
Data Encrypted for Impact
CredentialsDomains1
Replication Through Removable Media		2
Native API		1
Image File Execution Options Injection		1
Image File Execution Options Injection		1
Deobfuscate/Decode Files or Information		LSASS Memory11
Peripheral Device Discovery		Remote Desktop Protocol1
Browser Session Hijacking		Junk DataExfiltration Over Bluetooth1
System Shutdown/Reboot
Email AddressesDNS ServerDomain Accounts12
Command and Scripting Interpreter		1
Component Object Model Hijacking		1
Component Object Model Hijacking		2
Obfuscated Files or Information		Security Account Manager4
File and Directory Discovery		SMB/Windows Admin Shares1
Data from Local System		SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts1
Scheduled Task/Job		1
Valid Accounts		1
Valid Accounts		1
Software Packing		NTDS168
System Information Discovery		Distributed Component Object Model1
Clipboard Data		Protocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchd1
Windows Service		11
Access Token Manipulation		1
DLL Side-Loading		LSA Secrets1
Query Registry		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
Scheduled Task/Job		1
Windows Service		1
File Deletion		Cached Domain Credentials8101
Security Software Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd Timers1
Registry Run Keys / Startup Folder		11
Process Injection		33
Masquerading		DCSync47
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration Job1
Bootkit		1
Scheduled Task/Job		1
Valid Accounts		Proc Filesystem2
Process Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAt1
Registry Run Keys / Startup Folder		1
Modify Registry		/etc/passwd and /etc/shadow2
System Owner/User Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron47
Virtualization/Sandbox Evasion		Network Sniffing1
Remote System Discovery		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd11
Access Token Manipulation		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task11
Process Injection		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers1
Bootkit		GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1580374 Sample: Canvas of Kings_N6xC-S2.exe Startdate: 24/12/2024 Architecture: WINDOWS Score: 64 190 Malicious sample detected (through community Yara rule) 2->190 192 Antivirus / Scanner detection for submitted sample 2->192 194 Multi AV Scanner detection for submitted file 2->194 196 9 other signatures 2->196 11 Canvas of Kings_N6xC-S2.exe 2 2->11         started        14 NortonBrowserUpdate.exe 2->14         started        18 servicehost.exe 2->18         started        20 5 other processes 2->20 process3 dnsIp4 130 C:\Users\user\...\Canvas of Kings_N6xC-S2.tmp, PE32 11->130 dropped 22 Canvas of Kings_N6xC-S2.tmp 5 32 11->22         started        178 23.32.238.114 XO-AS15US United States 14->178 132 {E5C3037F-9C43-404...rowserInstaller.exe, PE32+ 14->132 dropped 224 Query firmware table information (likely to detect VMs) 14->224 180 2.19.198.75 AKAMAI-ASUS European Union 18->180 226 Tries to harvest and steal browser information (history, passwords, etc) 18->226 182 23.218.208.109 AS6453US United States 20->182 184 127.0.0.1 unknown unknown 20->184 26 WerFault.exe 20->26         started        28 NortonBrowserUpdate.exe 20->28         started        30 NortonBrowserUpdate.exe 20->30         started        32 4 other processes 20->32 file5 signatures6 process7 dnsIp8 166 65.9.108.105 AMAZON-02US United States 22->166 168 65.9.108.223 AMAZON-02US United States 22->168 104 C:\Users\user\AppData\...\qbittorrent.exe, PE32 22->104 dropped 106 C:\Users\...\norton_secure_browser_setup.exe, PE32 22->106 dropped 108 C:\Users\...\avg_antivirus_free_setup.exe, PE32 22->108 dropped 110 9 other files (7 malicious) 22->110 dropped 34 avg_antivirus_free_setup.exe 1 3 22->34         started        39 saBSI.exe 11 8 22->39         started        41 norton_secure_browser_setup.exe 14 93 22->41         started        43 4 other processes 22->43 file9 process10 dnsIp11 152 142.250.181.78 GOOGLEUS United States 34->152 162 2 other IPs or domains 34->162 92 C:\...\avg_antivirus_free_online_setup.exe, PE32 34->92 dropped 198 Query firmware table information (likely to detect VMs) 34->198 200 Contains functionality to infect the boot sector 34->200 45 avg_antivirus_free_online_setup.exe 34->45         started        154 23.32.238.139 XO-AS15US United States 39->154 164 3 other IPs or domains 39->164 94 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 39->94 dropped 202 Writes many files with high entropy 39->202 49 installer.exe 39->49         started        156 104.20.86.8 CLOUDFLARENETUS United States 41->156 96 C:\Users\user\AppData\...\thirdparty.dll, PE32 41->96 dropped 98 C:\Users\user\AppData\Local\...\sciterui.dll, PE32 41->98 dropped 100 C:\Users\user\AppData\Local\...\reboot.dll, PE32 41->100 dropped 102 9 other files (none is malicious) 41->102 dropped 204 Tries to harvest and steal browser information (history, passwords, etc) 41->204 206 Checks if the current machine is a virtual machine (disk enumeration) 41->206 51 NortonBrowserUpdateSetup.exe 41->51         started        158 52.168.117.173 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 43->158 160 52.182.143.212 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 43->160 53 conhost.exe 43->53         started        file12 signatures13 process14 file15 134 C:\Windows\Temp\...\icarus.exe, PE32+ 45->134 dropped 136 C:\Windows\Temp\...\setupui.cont, XZ 45->136 dropped 138 C:\...\9ffc6aeb-9106-44bf-ac20-b049e1d1298a, LZMA 45->138 dropped 146 9 other files (5 malicious) 45->146 dropped 214 Query firmware table information (likely to detect VMs) 45->214 216 Contains functionality to infect the boot sector 45->216 218 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 45->218 55 icarus.exe 45->55         started        140 C:\Program Files\McAfee\...\installer.exe, PE32+ 49->140 dropped 142 C:\Program Files\McAfee\...\wssdep.cab, Microsoft 49->142 dropped 148 15 other files (14 malicious) 49->148 dropped 220 Writes a notice file (html or txt) to demand a ransom 49->220 222 Writes many files with high entropy 49->222 60 installer.exe 49->60         started        144 C:\...144ortonBrowserUpdate.exe, PE32 51->144 dropped 150 71 other files (none is malicious) 51->150 dropped 62 NortonBrowserUpdate.exe 51->62         started        signatures16 process17 dnsIp18 170 1.1.1.1 CLOUDFLARENETUS Australia 55->170 172 34.160.176.28 ATGS-MMD-ASUS United States 55->172 112 C:\Windows\Temp\...\icarus_rvrt.exe, PE32+ 55->112 dropped 114 C:\Windows\Temp\...\icarus_product.dll, PE32+ 55->114 dropped 116 C:\Windows\Temp\...\icarus.exe, PE32+ 55->116 dropped 124 15 other files (10 malicious) 55->124 dropped 208 Query firmware table information (likely to detect VMs) 55->208 210 Writes many files with high entropy 55->210 64 icarus.exe 55->64         started        68 icarus.exe 55->68         started        174 52.33.149.47 AMAZON-02US United States 60->174 176 184.85.182.130 AKAMAI-ASN1EU United States 60->176 118 C:\Program Files\McAfee\...\wssdep.dll, PE32+ 60->118 dropped 120 C:\Program Files\McAfee\...\servicehost.exe, PE32+ 60->120 dropped 126 14 other files (1 malicious) 60->126 dropped 122 C:\...122ortonBrowserUpdate.exe, PE32 62->122 dropped 128 72 other files (1 malicious) 62->128 dropped 212 Creates an undocumented autostart registry key 62->212 70 NortonBrowserUpdate.exe 62->70         started        72 NortonBrowserUpdate.exe 62->72         started        74 NortonBrowserUpdate.exe 62->74         started        76 NortonBrowserUpdate.exe 62->76         started        file19 signatures20 process21 file22 84 wa_3rd_party_host_...e.ipending.82f740ca, PE32+ 64->84 dropped 86 wa_3rd_party_host_...e.ipending.82f740ca, PE32 64->86 dropped 88 C:\...\su_worker.exe.ipending.82f740ca, PE32+ 64->88 dropped 90 22 other files (21 malicious) 64->90 dropped 186 Query firmware table information (likely to detect VMs) 64->186 188 Writes many files with high entropy 64->188 78 NortonBrowserUpdateComRegisterShell64.exe 70->78         started        80 NortonBrowserUpdateComRegisterShell64.exe 70->80         started        82 NortonBrowserUpdateComRegisterShell64.exe 70->82         started        signatures23 process24

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Canvas of Kings_N6xC-S2.exe18%ReversingLabs
Canvas of Kings_N6xC-S2.exe100%AviraHEUR/AGEN.1332558

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler64.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateBroker.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateComRegisterShell64.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateOnDemand.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateSetup.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateWebPlugin.exe0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\acuapi.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\acuapi_64.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdate.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_am.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bg.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bn.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ca.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_cs.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_el.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es-419.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_et.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fil.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fr.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hi.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hr.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hu.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_id.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_is.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_iw.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ja.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_kn.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ko.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lt.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ml.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_mr.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_nl.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pl.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-BR.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-PT.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ro.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sk.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sr.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sv.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ta.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_te.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_th.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_tr.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ur.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-CN.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dll0%ReversingLabs
C:\Program Files (x86)\GUM7C54.tmp\npNortonBrowserUpdate3.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder0%Avira URL Cloudsafe
https://analytics.apis.mcafee.comse0%Avira URL Cloudsafe
https://shield.reasonsecurity.com/rsStubActiIP80%Avira URL Cloudsafe
http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF0%Avira URL Cloudsafe
https://sadownload.mcafee.com/products/SA/v1/bsi/binaryox0%Avira URL Cloudsafe
https://sadownload.mcafee.com/#C0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/v/wa-how.html)0%Avira URL Cloudsafe
http://qt-project.org/xml/features/report-whitespace-only-CharData0%Avira URL Cloudsafe
https://firefoxextension.avast.com/aos/update.json0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/Microsoft0%Avira URL Cloudsafe
https://my.avast.com0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/v/wa-how.htmlW0%Avira URL Cloudsafe
http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-on0%Avira URL Cloudsafe
https://pair.ff.avast.com0%Avira URL Cloudsafe
http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.png0%Avira URL Cloudsafe
http://https://:allow_fallback/installer.exe0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zip0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/en-us/policy/legal.html64e35416b1d8ed26350%Avira URL Cloudsafe
https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordTr0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/SOR_A0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png~0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png0%Avira URL Cloudsafe
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/v/wa-how.htmlu0%Avira URL Cloudsafe
https://www.mcafee.com/consumer/en-us/policy/legal.htmlP0%Avira URL Cloudsafe
https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tok0%Avira URL Cloudsafe
https://sadownload.mcafee.com/products/SA/v1/update/post_0%Avira URL Cloudsafe
https://sadownload.mcafee.com/0%Avira URL Cloudsafe
https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed0%Avira URL Cloudsafe
https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipD0%Avira URL Cloudsafe
https://sadownload.mcafee.com/products/sa0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BFCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://webcompanion.com/termsCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpfalse
    		high
    http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpfalse
      		high
      https://sadownload.mcafee.com/products/SA/v1/bsi/binaryoxsaBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://www.mcafee.com/consumer/v/wa-how.html)saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://home.mcafee.com/Root/AboutUs.aspx?id=eulaCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/saBSI.exe, 00000005.00000003.2402097240.00000000029A7000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          http://qt-project.org/xml/features/report-whitespace-only-CharDataqbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://analytics.apis.mcafee.comsesaBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.nortonlifelock.com/us/en/legal/license-services-agreement//zbd=Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://sadownload.mcafee.com/#CsaBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://bugreports.qt.io/qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpfalse
                		high
                https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordersaBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://docs.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://shield.reasonsecurity.com/rsStubActiIP8Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000C.00000003.2413974771.000001E647AD6000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://firefoxextension.avast.com/aos/update.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://sadownload.mcafee.com/products/sa/bsi/win/binary/saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://reasonlabs.com/policieshCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://www.avg.com/ww-en/eula/en-us/Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.remobjects.com/psCanvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1724586539.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                            		high
                            https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlsaBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://www.innosetup.com/Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1724586539.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                		high
                                https://winqual.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.jiyu-kobo.co.jp/Microsoftqbittorrent.exe, 0000000B.00000003.3027292090.0000000004E30000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://analytics.avcdn.net/v4/receive/json/25?-avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBIavg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://my.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.pngCanvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000C.00000003.2413974771.000001E647B42000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-onqbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.ccleaner.com/legal/end-user-license-agreementCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zipCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005521000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://shepherd.avcdn.netavg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://drive-daily-2.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.mcafee.com/consumer/en-us/policy/legal.html64e35416b1d8ed2635Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.w3.oravg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.opera.com/he/eula/computersCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://drive-daily-1.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005539000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2981103710.00000000054F4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://drive-daily-5.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://pair.ff.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://www.mcafee.com/consumer/v/wa-how.htmlWsaBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgilavg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://https://:allow_fallback/installer.exeavg_antivirus_free_setup.exe, 00000006.00000002.3586736349.00000000005D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2319667381.00000000005D3000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://submit.sb.avast.com/V1/PD/avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordTrsaBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/SOR_ACanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/rsaBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                    		high
                                                                    https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://viruslab-samples.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zavg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png~Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.nortonlifelock.com/norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427534051.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://trolltech.com/xml/features/report-start-end-entityqbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                              		high
                                                                              https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://drive-preprod.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.avast.com/prVersionCanvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002550000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.opera.com/he/privacyeCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://analytics.apis.mcafee.com/saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.mcafee.com/consumer/en-us/policy/legal.htmlPCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://sadownload.mcafee.com/products/SA/v1/bsisaBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.mcafee.com/consumer/v/wa-how.htmlusaBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://sadownload.mcafee.com/products/sa/bsi/win/binarysaBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.pngCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://ocsp.sectigo.com0Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://update.norton.securebrowser.com/NortonBrowserUpdate.exe, 0000001F.00000002.2884114001.0000000000A1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeavg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.avast.com0/Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://webcompanion.com/terms?Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.pngCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://honzik.avcdn.net:443/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005539000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tokinstaller.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://sadownload.mcafee.com/products/SA/v1/update/post_saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://www.avg.com/ww-en/eulacyCanvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349477442.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2348673267.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://reasonlabs.com/policiesCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://honzik.avcdn.net/defs/avg-av/release.xml.lzma#avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failedavg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://ipm.avcdn.net/avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002BCC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3378161000.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://honzik.avcdn.net/savg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005533000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980549975.0000000005544000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://www.avast.com/eCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://sadownload.mcafee.com/saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://www.avg.com/ww-en/privacy-us/Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://v7event.stats.avast.com/avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://shepherd.avcdn.net//urlavg_antivirus_free_online_setup.exe, 00000008.00000003.2381404487.0000000002B78000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2381510177.0000000002B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdfCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmlsaBSI.exe, 00000005.00000003.3388826061.000000000298E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2373628893.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.000000000298A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipDCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2401566204.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://sadownload.mcafee.com/products/sasaBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown

                                                                                                                                      World Map of Contacted IPs

                                                                                                                                      • No. of IPs < 25%
                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                      • 75% < No. of IPs

                                                                                                                                      Public IPs

                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                      52.35.171.66
                                                                                                                                      		unknownUnited States
                                                                                                                                      		16509AMAZON-02USfalse
                                                                                                                                      65.9.108.223
                                                                                                                                      		unknownUnited States
                                                                                                                                      		16509AMAZON-02USfalse
                                                                                                                                      52.168.117.173
                                                                                                                                      		unknownUnited States
                                                                                                                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                      1.1.1.1
                                                                                                                                      		unknownAustralia
                                                                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                                                                      184.30.25.22
                                                                                                                                      		unknownUnited States
                                                                                                                                      		16625AKAMAI-ASUSfalse
                                                                                                                                      23.54.81.192
                                                                                                                                      		unknownUnited States
                                                                                                                                      		20940AKAMAI-ASN1EUfalse
                                                                                                                                      65.9.108.105
                                                                                                                                      		unknownUnited States
                                                                                                                                      		16509AMAZON-02USfalse
                                                                                                                                      184.85.182.130
                                                                                                                                      		unknownUnited States
                                                                                                                                      		20940AKAMAI-ASN1EUfalse
                                                                                                                                      23.32.238.114
                                                                                                                                      		unknownUnited States
                                                                                                                                      		2828XO-AS15USfalse
                                                                                                                                      104.18.21.226
                                                                                                                                      		unknownUnited States
                                                                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                                                                      52.182.143.212
                                                                                                                                      		unknownUnited States
                                                                                                                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                      23.32.238.139
                                                                                                                                      		unknownUnited States
                                                                                                                                      		2828XO-AS15USfalse
                                                                                                                                      23.218.208.109
                                                                                                                                      		unknownUnited States
                                                                                                                                      		6453AS6453USfalse
                                                                                                                                      34.160.176.28
                                                                                                                                      		unknownUnited States
                                                                                                                                      		2686ATGS-MMD-ASUSfalse
                                                                                                                                      52.33.149.47
                                                                                                                                      		unknownUnited States
                                                                                                                                      		16509AMAZON-02USfalse
                                                                                                                                      34.117.223.223
                                                                                                                                      		unknownUnited States
                                                                                                                                      		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                      2.19.198.75
                                                                                                                                      		unknownEuropean Union
                                                                                                                                      		16625AKAMAI-ASUSfalse
                                                                                                                                      104.20.86.8
                                                                                                                                      		unknownUnited States
                                                                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                                                                      142.250.181.78
                                                                                                                                      		unknownUnited States
                                                                                                                                      		15169GOOGLEUSfalse

                                                                                                                                      Private

                                                                                                                                      IP
                                                                                                                                      127.0.0.1

                                                                                                                                      General Information

                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                      Analysis ID:1580374
                                                                                                                                      Start date and time:2024-12-24 12:19:13 +01:00
                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                      Overall analysis duration:0h 13m 51s
                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                      Report type:full
                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                      Run name:Run with higher sleep bypass
                                                                                                                                      Number of analysed new started processes analysed:46
                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                      Technologies:
                                                                                                                                      • HCA enabled
                                                                                                                                      • EGA enabled
                                                                                                                                      • AMSI enabled
                                                                                                                                      Analysis Mode:default
                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                      Sample name:Canvas of Kings_N6xC-S2.exe
                                                                                                                                      Detection:MAL
                                                                                                                                      Classification:mal64.rans.spyw.evad.winEXE@74/1362@0/20
                                                                                                                                      EGA Information:
                                                                                                                                      • Successful, ratio: 80%
                                                                                                                                      HCA Information:
                                                                                                                                      • Successful, ratio: 93%
                                                                                                                                      • Number of executed functions: 119
                                                                                                                                      • Number of non-executed functions: 161
                                                                                                                                      Cookbook Comments:
                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                                                      Warnings

                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                      • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                      • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                      • VT rate limit hit for: Canvas of Kings_N6xC-S2.exe

                                                                                                                                      Simulations

                                                                                                                                      Behavior and APIs

                                                                                                                                      TimeTypeDescription
                                                                                                                                      11:21:27Task SchedulerRun new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
                                                                                                                                      11:21:27Task SchedulerRun new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler

                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                      IPs

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      52.168.117.173file.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, XWormBrowse
                                                                                                                                        https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exeGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                          Sykom_CopySykom_CopyGet hashmaliciousPureLog StealerBrowse
                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                                                              maryanne@propertynz.co.nz_Agreement70554.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                SecuriteInfo.com.Win32.Application.Agent.NSIF6L.17895.28880.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  file.exeGet hashmaliciousAmadey, LummaC Stealer, XWormBrowse
                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, VidarBrowse
                                                                                                                                                      3WffcqLN3q.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                        CCE_000110.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          1.1.1.16fW0GedR6j.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 1.1.1.1/ctrl/playback.php
                                                                                                                                                          PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                                                          • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                                                                                                                                                          AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 1.1.1.1/
                                                                                                                                                          INVOICE_90990_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                          • www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
                                                                                                                                                          Go.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 1.1.1.1/
                                                                                                                                                          184.30.25.22Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                            Domains

                                                                                                                                                            No context

                                                                                                                                                            ASNs

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            CLOUDFLARENETUSAudio02837498.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 104.17.25.14
                                                                                                                                                            SW_48912.scr.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 104.21.80.1
                                                                                                                                                            cMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                            • 104.21.67.146
                                                                                                                                                            Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                            • 172.67.177.134
                                                                                                                                                            fnCae9FQhg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 104.21.36.201
                                                                                                                                                            bG89JAQXz2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 104.21.36.201
                                                                                                                                                            SFtDA07UDr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 104.21.36.201
                                                                                                                                                            https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 162.159.128.70
                                                                                                                                                            https://office356quilter.krkonqghz.ru/Vt2VD2f3#https://outlookofficecom/mail/deleteditems/id/AAQkADU5#aGVpZGkuZGlsa0BxdWlsdGVyLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.21.17.63
                                                                                                                                                            AMAZON-02UScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                            • 44.237.186.112
                                                                                                                                                            x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                            • 54.171.230.55
                                                                                                                                                            fnCae9FQhg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            SFtDA07UDr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 54.73.104.6
                                                                                                                                                            nsharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 54.171.230.55
                                                                                                                                                            Gq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                            • 185.166.143.49
                                                                                                                                                            Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.50
                                                                                                                                                            AMAZON-02UScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                            • 44.237.186.112
                                                                                                                                                            x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                            • 54.171.230.55
                                                                                                                                                            fnCae9FQhg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            SFtDA07UDr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 54.73.104.6
                                                                                                                                                            nsharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 54.171.230.55
                                                                                                                                                            Gq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                            • 185.166.143.49
                                                                                                                                                            Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.166.143.48
                                                                                                                                                            2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 185.166.143.50
                                                                                                                                                            MICROSOFT-CORP-MSN-AS-BLOCKUScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                            • 104.208.16.94
                                                                                                                                                            armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 20.82.46.15
                                                                                                                                                            armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 23.96.213.168
                                                                                                                                                            splm68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 22.194.19.202
                                                                                                                                                            nklarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 22.109.0.81
                                                                                                                                                            splarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 22.194.60.247
                                                                                                                                                            nklarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 21.74.41.87
                                                                                                                                                            jklspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 40.93.122.151
                                                                                                                                                            nabspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 21.158.152.50
                                                                                                                                                            nabm68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 20.118.60.36

                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                            No context

                                                                                                                                                            Dropped Files

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler.exeViolated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    Lisect_AVT_24003_G1B_127.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                      SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                                                                                                                                                        SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse

                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                          C:\Config.Msi\5ca402.rbs

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):7854
                                                                                                                                                                          Entropy (8bit):5.496953988381299
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:wgeP5RyHSIgHSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:w/5kHeHkXRo2Y7jMgDBBd4C/Q/Bp
                                                                                                                                                                          MD5:F6EBC36F7ECCA3A5D96E37B33F4F0258
                                                                                                                                                                          SHA1:75E7085B82E3BDC62B198D75D85057EE6D3E0B68
                                                                                                                                                                          SHA-256:ECD5A21C4FE7CE78ED2340439BAB9D3C64D4DE8A577DD2D880E3B418E505FE88
                                                                                                                                                                          SHA-512:3CF8C59618B29E1BEADC204D57FA2C40711F9AE40BFD5BBD643A83F1BB32E075F3BCE05BFB2E0E0DB0F04608FF843E3291DDA4728B712648F443012F2947D0A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\5

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\@PaxHeader

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):28
                                                                                                                                                                          Entropy (8bit):3.5566567074628233
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:XVTKlUv:FTj
                                                                                                                                                                          MD5:B9EA04357667FD46353CA3E48F346261
                                                                                                                                                                          SHA1:CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
                                                                                                                                                                          SHA-256:FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
                                                                                                                                                                          SHA-512:5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:28 mtime=1686233326.3398783.

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):383232
                                                                                                                                                                          Entropy (8bit):4.3682050352007735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                          MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                          SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                          SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                          SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: Violated Heroine_91zbZ-1.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Violated Heroine_91zbZ-1.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2R..aR..aR..a...`X..a...`...a...`F..a...`t..a...`C..a...`@..a...`Q..aR..a...a...`S..a..%aS..a...`S..aRichR..a........................PE..L......d............................T.............@.................................t\....@.................................d'..(....P..(f..........H....6..........L...T...............................@............................................text............................... ..`.rdata..<].......^..................@..@.data........0....... ..............@....rsrc...(f...P...h...*..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserCrashHandler64.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):404480
                                                                                                                                                                          Entropy (8bit):4.403596063022666
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                          MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                          SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                          SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                          SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g0...^...^...^.;v]...^.;v[.U.^.;vZ...^.s[...^.sZ...^.s]...^.;v_...^..._..^.sW...^.s....^.s\...^.Rich..^.........PE..d...=..d.........."..........6.................@.............................@.......z....`..................................................l..(.......0f..........H....7...0..T...pW..T............................W..8...............@............................text............................... ..`.rdata..............................@..@.data................f..............@....pdata...............r..............@..@_RDATA..............................@..@.rsrc...0f.......h..................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateBroker.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384296
                                                                                                                                                                          Entropy (8bit):4.381583745540333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                          MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                          SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                          SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                          SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L....d..........................................@.................................R:....@.................................$8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..b^.......`..................@..@.data........@.......&..............@....rsrc....f...`...f...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateComRegisterShell64.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):438592
                                                                                                                                                                          Entropy (8bit):6.45992761938075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                          MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                          SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                          SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                          SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5..PTg.PTg.PTg.$d.[Tg.$b..Tg..!c.BTg..!d.ZTg..!b..Tg..!n.kTg.$c.ETg.$f.MTg.PTf..Ug..!b.QTg..!..QTg..!e.QTg.RichPTg.................PE..d......d.........."............................@....................................R.....`..................................................................p..t4..Hx...8......d.......T.......................(... ...8............................................text.............................. ..`.rdata...|.......|..................@..@.data...08...0......................@....pdata..t4...p...6..................@..@_RDATA...............d..............@..@.rsrc................f..............@..@.reloc..d............j..............@..B................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):755696
                                                                                                                                                                          Entropy (8bit):5.78064070271127
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                          MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                          SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                          SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                          SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4.P.4.P.4.P.D.Q.4.P.D.Q84.P.hjP.4.P.A.Q.4.P.A.Q.4.P.A.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.4.P.6.P.A.Q.5.P.AhP.4.P.A.Q.4.PRich.4.P........PE..L....d............................0t............@.......................................@..............................................f..........HD...C...`...A..Xw..T....................x.......w..@...............8............................text...*........................... ..`.rdata..............................@..@.data...DG..........................@....rsrc....f.......f..................@..@.reloc...A...`...B..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateHelper.msi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateOnDemand.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                          Entropy (8bit):4.377706577325397
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                          MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                          SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                          SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                          SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.......................................@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateSetup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateWebPlugin.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                          Entropy (8bit):4.377540113876844
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                          MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                          SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                          SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                          SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.................................5.....@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text............................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\acuapi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):561456
                                                                                                                                                                          Entropy (8bit):6.89287156869539
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                          MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                          SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                          SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                          SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................E.....................................u...........................Rich...........PE..L...[..d...........!.........p............................................................@.............................l.......(....@..p...........HT...<...P...8......T...................@.......h...@............................................text...d........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...p....@......................@..@.reloc...8...P...:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\acuapi_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719056
                                                                                                                                                                          Entropy (8bit):6.672324901238704
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                          MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                          SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                          SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                          SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.b2w..aw..aw..a!..`r..a...`{..a...`...a...`c..a%..`y..a%..`}..a%..`8..a...`p..aw..a...a/..`u..a/..`v..a/..av..a/..`v..aRichw..a........................PE..d......d.........." ................................................................aB....`..........................................A..p....A..(.......x........A..H....B......$...x...T.......................(......8............................................text...,........................... ..`.rdata..n}.......~..................@..@.data....?...P...&...8..............@....pdata...A.......B...^..............@..@_RDATA..............................@..@.rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdate.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1707520
                                                                                                                                                                          Entropy (8bit):6.329347716504747
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                          MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                          SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                          SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                          SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........n%.B.KMB.KMB.KM..LLC.KM..ML@.KM..HLP.KM..NL..KMsS.M@.KM.zOLS.KM.zHLZ.KM.zNL..KM..OLc.KM..JLi.KMB.JM/.KM.zBLr.KM.zKLC.KM.z.MC.KMB..My.KM.zILC.KMRichB.KM........PE..L...b..d...........!................oG...............................................E....@.........................`...T............@..(...........H....c...0..........T...................@.......h...@............................................text............................... ..`.rdata..j...........................@..@.data....\....... ..................@....rsrc...(....@......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_am.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.850152460164065
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                          MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                          SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                          SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                          SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........z............... ............................................@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42944
                                                                                                                                                                          Entropy (8bit):4.835542008183028
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                          MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                          SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                          SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                          SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...1..d...........!.........v............... ......................................{6....@.............................D....0..(....@..Pm..........H|..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pm...@...n..................@..@.reloc.. ............z..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bg.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.8691314938087595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                          MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                          SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                          SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                          SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bn.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.936222804071481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                          MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                          SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                          SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                          SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...w..d...........!......................... .......................................@....@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ca.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.655403186782661
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                          MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                          SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                          SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                          SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!......................... ............................................@.............................D....0..(....@..(y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_cs.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.69656607023198
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                          MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                          SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                          SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                          SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........~............... .......................................5....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.656501839350111
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                          MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                          SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                          SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                          SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...a..d...........!.........~............... .......................................D....@.............................D....0..(....@..Hu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.647516797051505
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                          MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                          SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                          SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                          SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................_.....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_el.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.945276126044921
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                          MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                          SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                          SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                          SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................X....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.636317941438334
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                          MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                          SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                          SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                          SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................L.....@.............................G....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.6565699525229025
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                          MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                          SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                          SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                          SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...L.d...........!.........z............... ............................................@.............................D....0..(....@...q..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....q...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es-419.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.646030612051221
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                          MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                          SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                          SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                          SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...5.d...........!......................... .......................................2....@.............................H....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.630177626115215
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                          MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                          SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                          SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                          SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..p|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...p|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_et.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.645463686029905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                          MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                          SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                          SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                          SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................:.....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.845272670813686
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                          MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                          SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                          SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                          SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... .......................................r....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.6596573287160785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                          MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                          SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                          SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                          SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ......................................3.....@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fil.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.640479522161056
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                          MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                          SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                          SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                          SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................k.....@.............................E....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.662517782893104
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                          MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                          SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                          SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                          SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...b.d...........!......................... ......................................<.....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.923122510985089
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                          MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                          SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                          SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                          SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................B.....@.............................D....0..(....@..8z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.8817065986468595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                          MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                          SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                          SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                          SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.6636431303483
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                          MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                          SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                          SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                          SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!......................... ......................................F.....@.............................D....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hu.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.688666100525905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                          MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                          SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                          SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                          SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_id.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.639484979051941
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                          MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                          SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                          SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                          SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_is.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.658477005342536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                          MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                          SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                          SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                          SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!.........~............... ......................................%L....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.6324666300251005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                          MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                          SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                          SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                          SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..Pz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_iw.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42432
                                                                                                                                                                          Entropy (8bit):4.854173056599383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                          MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                          SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                          SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                          SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........t............... ......................................H.....@.............................D....0..(....@..@k..........Hz..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...@k...@...l..................@..@.reloc.. ............x..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ja.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41408
                                                                                                                                                                          Entropy (8bit):4.883723947959775
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                          MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                          SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                          SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                          SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........p............... ......................................F.....@.............................D....0..(....@...f..........Hv..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....f...@...h..................@..@.reloc.. ............t..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_kn.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.954692594620765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                          MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                          SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                          SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                          SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................L.....@.............................D....0..(....@..P{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...P{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ko.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):40896
                                                                                                                                                                          Entropy (8bit):4.911833136088746
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                          MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                          SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                          SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                          SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...e.d...........!.........n............... ...........................................@.............................D....0..(....@..0d..........Ht..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...0d...@...f..................@..@.reloc.. ............r..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lt.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.677692678096642
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                          MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                          SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                          SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                          SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... .......................................A....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.703009692113209
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                          MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                          SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                          SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                          SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ml.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48136
                                                                                                                                                                          Entropy (8bit):4.926909967496055
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                          MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                          SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                          SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                          SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...l.d...........!......................... ......................................[.....@.............................D....0..(....@..8...........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8....@......................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_mr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.898551846960824
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                          MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                          SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                          SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                          SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................8....@.............................D....0..(....@..Hy..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hy...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.652027629630858
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                          MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                          SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                          SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                          SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................7"....@.............................D....0..(....@..ps..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...ps...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_nl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.64263735417891
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                          MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                          SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                          SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                          SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...[.d...........!......................... ............................................@.............................D....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.660574455025035
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                          MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                          SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                          SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                          SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... .......................................}....@.............................D....0..(....@..Pu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.699948735964885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                          MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                          SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                          SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                          SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..(w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-BR.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.66752824702996
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                          MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                          SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                          SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                          SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...O.d...........!.........~............... ......................................-C....@.............................G....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-PT.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.646340111209961
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                          MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                          SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                          SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                          SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................Da....@.............................G....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ro.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.668533720243672
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                          MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                          SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                          SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                          SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.876003031420293
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                          MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                          SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                          SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                          SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...9.d...........!.........|............... ......................................GM....@.............................D....0..(....@..xs..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...xs...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sk.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.69456859037089
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                          MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                          SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                          SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                          SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@.. u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.657549160186828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                          MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                          SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                          SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                          SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................V_....@.............................D....0..(....@..pv..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...pv...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.872942179610346
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                          MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                          SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                          SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                          SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!.........~............... ......................................L.....@.............................D....0..(....@..Xu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Xu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sv.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.664578663662526
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                          MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                          SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                          SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                          SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.694492393037756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                          MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                          SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                          SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                          SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................F....@.............................D....0..(....@...z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ta.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.948448659499415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                          MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                          SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                          SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                          SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!......................... .......................................r....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_te.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.900098776782017
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                          MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                          SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                          SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                          SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..Hz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_th.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.898585189301246
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                          MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                          SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                          SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                          SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... ......................................#.....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_tr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.710217028647626
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                          MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                          SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                          SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                          SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.886468370762969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                          MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                          SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                          SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                          SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ur.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.8564330106913625
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                          MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                          SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                          SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                          SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...f.d...........!.........~............... ...........................................@.............................D....0..(....@.. t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.771867334398084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                          MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                          SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                          SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                          SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...s..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....s...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-CN.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                          Entropy (8bit):4.841517965818435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                          MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                          SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                          SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                          SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........f............... ......................................c.....@.............................G....0..(....@..`]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...`]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                          Entropy (8bit):4.854603942594096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                          MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                          SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                          SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                          SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...P..d...........!.........f............... ............................................@.............................G....0..(....@...]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\npNortonBrowserUpdate3.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):519152
                                                                                                                                                                          Entropy (8bit):6.796206581178465
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                          MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                          SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                          SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                          SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........iI..'...'...'..}"...'.rx ...'.rx!...'.rx$...'.rx".Z.'..T...'..}#...'..}$...'..}"...'.rx#...'.rx&...'...&...'..}....'..}'...'..}...'..}%...'.Rich..'.........................PE..L......d...........!....."..........[........@............................... ............@..........................=.......>..........h...........H....;......8I...&..T...................@(......H'..@............@...............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data....I...`.......8..............@....rsrc...h............J..............@..@.reloc..8I.......J...f..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\psmachine.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                          Entropy (8bit):6.6364472604888975
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                          MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                          SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                          SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                          SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......[....@.........................P3.......4...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\psmachine_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                          Entropy (8bit):6.353157166068969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                          MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                          SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                          SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                          SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d...M..d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\psuser.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                          Entropy (8bit):6.636012823818412
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                          MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                          SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                          SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                          SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......d....@.........................P3.......3...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUM7C54.tmp\psuser_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                          Entropy (8bit):6.352828173572569
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                          MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                          SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                          SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                          SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d......d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\GUT7C55.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          File Type:POSIX tar archive
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11550720
                                                                                                                                                                          Entropy (8bit):6.033044964444277
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:+aEmBopka2Rn0ttjsQlms7+oWD0/v+lzP+5ItO04rq7D0S8zpWwRFh4rH5EaFh4l:SpF2Rn0ttjt7+1I0RQcmiGYTGLB
                                                                                                                                                                          MD5:0E16371DE9A96CAA60FFE3CCAFBC8343
                                                                                                                                                                          SHA1:DFF8071D944CDE352DE9F34CCFE785F7DE1C3C0B
                                                                                                                                                                          SHA-256:9DAB943357DBFEBD3F2AC522D9C4565E90EB8428A01248F7F1D68BFB75B5A416
                                                                                                                                                                          SHA-512:28D6C511392E06CD0A4EB19573DF78A0E12215253D36ED10BB84AD70203A9204C1638AA836BD57AAD036D2BA6D31AB5F827AC60F81A1F4C26B89C56B25FC49CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: C:\Program Files (x86)\GUT7C55.tmp, Author: Seth Hardy
                                                                                                                                                                          Preview:././@PaxHeader......................................................................................0000000.0000000.0000000.00000000034.00000000000.011452. x....................................................................................................ustar.00................................................................0000000.0000000........................................................................................................................................................................28 mtime=1686220543.2942097.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):383232
                                                                                                                                                                          Entropy (8bit):4.3682050352007735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                          MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                          SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                          SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                          SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2R..aR..aR..a...`X..a...`...a...`F..a...`t..a...`C..a...`@..a...`Q..aR..a...a...`S..a..%aS..a...`S..aRichR..a........................PE..L......d............................T.............@.................................t\....@.................................d'..(....P..(f..........H....6..........L...T...............................@............................................text............................... ..`.rdata..<].......^..................@..@.data........0....... ..............@....rsrc...(f...P...h...*..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):404480
                                                                                                                                                                          Entropy (8bit):4.403596063022666
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                          MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                          SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                          SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                          SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g0...^...^...^.;v]...^.;v[.U.^.;vZ...^.s[...^.sZ...^.s]...^.;v_...^..._..^.sW...^.s....^.s\...^.Rich..^.........PE..d...=..d.........."..........6.................@.............................@.......z....`..................................................l..(.......0f..........H....7...0..T...pW..T............................W..8...............@............................text............................... ..`.rdata..............................@..@.data................f..............@....pdata...............r..............@..@_RDATA..............................@..@.rsrc...0f.......h..................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384296
                                                                                                                                                                          Entropy (8bit):4.381583745540333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                          MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                          SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                          SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                          SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L....d..........................................@.................................R:....@.................................$8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..b^.......`..................@..@.data........@.......&..............@....rsrc....f...`...f...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):438592
                                                                                                                                                                          Entropy (8bit):6.45992761938075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                          MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                          SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                          SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                          SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5..PTg.PTg.PTg.$d.[Tg.$b..Tg..!c.BTg..!d.ZTg..!b..Tg..!n.kTg.$c.ETg.$f.MTg.PTf..Ug..!b.QTg..!..QTg..!e.QTg.RichPTg.................PE..d......d.........."............................@....................................R.....`..................................................................p..t4..Hx...8......d.......T.......................(... ...8............................................text.............................. ..`.rdata...|.......|..................@..@.data...08...0......................@....pdata..t4...p...6..................@..@_RDATA...............d..............@..@.rsrc................f..............@..@.reloc..d............j..............@..B................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):755696
                                                                                                                                                                          Entropy (8bit):5.78064070271127
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                          MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                          SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                          SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                          SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4.P.4.P.4.P.D.Q.4.P.D.Q84.P.hjP.4.P.A.Q.4.P.A.Q.4.P.A.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.4.P.6.P.A.Q.5.P.AhP.4.P.A.Q.4.PRich.4.P........PE..L....d............................0t............@.......................................@..............................................f..........HD...C...`...A..Xw..T....................x.......w..@...............8............................text...*........................... ..`.rdata..............................@..@.data...DG..........................@....rsrc....f.......f..................@..@.reloc...A...`...B..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateHelper.msi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                          Entropy (8bit):4.377706577325397
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                          MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                          SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                          SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                          SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.......................................@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                          Entropy (8bit):4.377540113876844
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                          MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                          SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                          SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                          SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.................................5.....@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text............................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\Recovery\GURA1ED.tmp\NortonBrowserUpdateSetup.crx3

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):372
                                                                                                                                                                          Entropy (8bit):5.482499476027719
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UMxoUu9MK34QL:hYXc4xXgqmeNs3Mq8M0/dy9LIQL
                                                                                                                                                                          MD5:4D8445BE9D81A364CF37F96FC4E2B298
                                                                                                                                                                          SHA1:3620B97328218316462005C8715AA5F03B4AE233
                                                                                                                                                                          SHA-256:E63A98B802D38A5C6FA8A6BD1A6CF7612A591148C62DE73C3A4C36BF7CDB92AC
                                                                                                                                                                          SHA-512:E751608BF528CE20F58AEDD12B2D480F12F23BC574719A5FF0F5A4249F764DD702130F4FFFEFF19F41810C3D91C04A0341950313A42D598F3011B770EA4805AE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7BA3A9F08C-AD64-49DA-9996-0828C77ABD43%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):561456
                                                                                                                                                                          Entropy (8bit):6.89287156869539
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                          MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                          SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                          SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                          SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................E.....................................u...........................Rich...........PE..L...[..d...........!.........p............................................................@.............................l.......(....@..p...........HT...<...P...8......T...................@.......h...@............................................text...d........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...p....@......................@..@.reloc...8...P...:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719056
                                                                                                                                                                          Entropy (8bit):6.672324901238704
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                          MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                          SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                          SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                          SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.b2w..aw..aw..a!..`r..a...`{..a...`...a...`c..a%..`y..a%..`}..a%..`8..a...`p..aw..a...a/..`u..a/..`v..a/..av..a/..`v..aRichw..a........................PE..d......d.........." ................................................................aB....`..........................................A..p....A..(.......x........A..H....B......$...x...T.......................(......8............................................text...,........................... ..`.rdata..n}.......~..................@..@.data....?...P...&...8..............@....pdata...A.......B...^..............@..@_RDATA..............................@..@.rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1707520
                                                                                                                                                                          Entropy (8bit):6.329347716504747
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                          MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                          SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                          SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                          SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........n%.B.KMB.KMB.KM..LLC.KM..ML@.KM..HLP.KM..NL..KMsS.M@.KM.zOLS.KM.zHLZ.KM.zNL..KM..OLc.KM..JLi.KMB.JM/.KM.zBLr.KM.zKLC.KM.z.MC.KMB..My.KM.zILC.KMRichB.KM........PE..L...b..d...........!................oG...............................................E....@.........................`...T............@..(...........H....c...0..........T...................@.......h...@............................................text............................... ..`.rdata..j...........................@..@.data....\....... ..................@....rsrc...(....@......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.850152460164065
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                          MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                          SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                          SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                          SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........z............... ............................................@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42944
                                                                                                                                                                          Entropy (8bit):4.835542008183028
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                          MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                          SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                          SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                          SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...1..d...........!.........v............... ......................................{6....@.............................D....0..(....@..Pm..........H|..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pm...@...n..................@..@.reloc.. ............z..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.8691314938087595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                          MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                          SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                          SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                          SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.936222804071481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                          MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                          SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                          SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                          SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...w..d...........!......................... .......................................@....@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.655403186782661
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                          MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                          SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                          SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                          SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!......................... ............................................@.............................D....0..(....@..(y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.69656607023198
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                          MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                          SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                          SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                          SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........~............... .......................................5....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.656501839350111
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                          MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                          SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                          SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                          SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...a..d...........!.........~............... .......................................D....@.............................D....0..(....@..Hu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.647516797051505
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                          MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                          SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                          SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                          SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................_.....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.945276126044921
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                          MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                          SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                          SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                          SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................X....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.636317941438334
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                          MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                          SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                          SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                          SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................L.....@.............................G....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.6565699525229025
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                          MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                          SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                          SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                          SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...L.d...........!.........z............... ............................................@.............................D....0..(....@...q..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....q...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.646030612051221
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                          MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                          SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                          SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                          SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...5.d...........!......................... .......................................2....@.............................H....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.630177626115215
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                          MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                          SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                          SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                          SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..p|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...p|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.645463686029905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                          MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                          SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                          SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                          SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................:.....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.845272670813686
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                          MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                          SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                          SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                          SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... .......................................r....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.6596573287160785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                          MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                          SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                          SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                          SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ......................................3.....@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.640479522161056
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                          MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                          SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                          SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                          SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................k.....@.............................E....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.662517782893104
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                          MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                          SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                          SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                          SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...b.d...........!......................... ......................................<.....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.923122510985089
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                          MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                          SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                          SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                          SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................B.....@.............................D....0..(....@..8z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.8817065986468595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                          MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                          SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                          SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                          SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.6636431303483
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                          MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                          SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                          SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                          SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!......................... ......................................F.....@.............................D....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.688666100525905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                          MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                          SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                          SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                          SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.639484979051941
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                          MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                          SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                          SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                          SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.658477005342536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                          MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                          SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                          SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                          SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!.........~............... ......................................%L....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.6324666300251005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                          MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                          SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                          SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                          SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..Pz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42432
                                                                                                                                                                          Entropy (8bit):4.854173056599383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                          MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                          SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                          SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                          SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........t............... ......................................H.....@.............................D....0..(....@..@k..........Hz..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...@k...@...l..................@..@.reloc.. ............x..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41408
                                                                                                                                                                          Entropy (8bit):4.883723947959775
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                          MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                          SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                          SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                          SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........p............... ......................................F.....@.............................D....0..(....@...f..........Hv..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....f...@...h..................@..@.reloc.. ............t..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.954692594620765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                          MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                          SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                          SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                          SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................L.....@.............................D....0..(....@..P{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...P{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):40896
                                                                                                                                                                          Entropy (8bit):4.911833136088746
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                          MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                          SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                          SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                          SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...e.d...........!.........n............... ...........................................@.............................D....0..(....@..0d..........Ht..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...0d...@...f..................@..@.reloc.. ............r..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.677692678096642
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                          MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                          SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                          SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                          SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... .......................................A....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.703009692113209
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                          MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                          SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                          SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                          SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48136
                                                                                                                                                                          Entropy (8bit):4.926909967496055
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                          MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                          SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                          SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                          SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...l.d...........!......................... ......................................[.....@.............................D....0..(....@..8...........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8....@......................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.898551846960824
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                          MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                          SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                          SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                          SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................8....@.............................D....0..(....@..Hy..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hy...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.652027629630858
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                          MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                          SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                          SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                          SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................7"....@.............................D....0..(....@..ps..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...ps...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                          Entropy (8bit):4.64263735417891
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                          MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                          SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                          SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                          SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...[.d...........!......................... ............................................@.............................D....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.660574455025035
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                          MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                          SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                          SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                          SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... .......................................}....@.............................D....0..(....@..Pu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.699948735964885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                          MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                          SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                          SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                          SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..(w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.66752824702996
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                          MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                          SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                          SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                          SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...O.d...........!.........~............... ......................................-C....@.............................G....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.646340111209961
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                          MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                          SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                          SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                          SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................Da....@.............................G....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.668533720243672
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                          MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                          SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                          SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                          SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.876003031420293
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                          MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                          SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                          SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                          SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...9.d...........!.........|............... ......................................GM....@.............................D....0..(....@..xs..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...xs...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.69456859037089
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                          MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                          SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                          SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                          SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@.. u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                          Entropy (8bit):4.657549160186828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                          MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                          SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                          SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                          SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................V_....@.............................D....0..(....@..pv..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...pv...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.872942179610346
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                          MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                          SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                          SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                          SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!.........~............... ......................................L.....@.............................D....0..(....@..Xu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Xu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.664578663662526
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                          MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                          SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                          SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                          SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.694492393037756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                          MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                          SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                          SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                          SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................F....@.............................D....0..(....@...z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                          Entropy (8bit):4.948448659499415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                          MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                          SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                          SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                          SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!......................... .......................................r....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                          Entropy (8bit):4.900098776782017
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                          MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                          SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                          SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                          SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..Hz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                          Entropy (8bit):4.898585189301246
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                          MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                          SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                          SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                          SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... ......................................#.....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.710217028647626
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                          MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                          SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                          SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                          SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.886468370762969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                          MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                          SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                          SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                          SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                          Entropy (8bit):4.8564330106913625
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                          MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                          SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                          SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                          SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...f.d...........!.........~............... ...........................................@.............................D....0..(....@.. t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                          Entropy (8bit):4.771867334398084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                          MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                          SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                          SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                          SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...s..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....s...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                          Entropy (8bit):4.841517965818435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                          MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                          SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                          SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                          SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........f............... ......................................c.....@.............................G....0..(....@..`]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...`]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                          Entropy (8bit):4.854603942594096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                          MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                          SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                          SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                          SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...P..d...........!.........f............... ............................................@.............................G....0..(....@...]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):519152
                                                                                                                                                                          Entropy (8bit):6.796206581178465
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                          MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                          SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                          SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                          SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........iI..'...'...'..}"...'.rx ...'.rx!...'.rx$...'.rx".Z.'..T...'..}#...'..}$...'..}"...'.rx#...'.rx&...'...&...'..}....'..}'...'..}...'..}%...'.Rich..'.........................PE..L......d...........!....."..........[........@............................... ............@..........................=.......>..........h...........H....;......8I...&..T...................@(......H'..@............@...............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data....I...`.......8..............@....rsrc...h............J..............@..@.reloc..8I.......J...f..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                          Entropy (8bit):6.6364472604888975
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                          MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                          SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                          SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                          SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......[....@.........................P3.......4...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                          Entropy (8bit):6.353157166068969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                          MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                          SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                          SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                          SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d...M..d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                          Entropy (8bit):6.636012823818412
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                          MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                          SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                          SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                          SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......d....@.........................P3.......3...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                          Entropy (8bit):6.352828173572569
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                          MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                          SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                          SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                          SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d......d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                          C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42
                                                                                                                                                                          Entropy (8bit):4.624111172624227
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:xVRcyqFhXUAKFn:xVRaFhiF
                                                                                                                                                                          MD5:4957ED73D5E5E303E351C8F8B7B53E1C
                                                                                                                                                                          SHA1:E61238F49E44237C56D4D5B41AEB150160880B74
                                                                                                                                                                          SHA-256:59727F7A256B7A70971F2E62B43B0A923937F85689FC3AA4AE50E4FBFBF83499
                                                                                                                                                                          SHA-512:DB4854667285BB1CD8D07AB189607EC5BC489AFB2D0A5B5A3388F91CEFD012FECA689787452901E0EB1DE6E8792E69C0097C38B89BBA0D977D0B29E5E5EF2FEB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[App]..ServerURL=http://bcu.ff.avast.com..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 42
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):170
                                                                                                                                                                          Entropy (8bit):6.515978266451506
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:mlll/Q0LUUtkqiTISB3YXnaSWAaDVVg4G8prFgGjYwW8mLhx4HXn:Bb+7SBpaaDIl8prFDy8mwn
                                                                                                                                                                          MD5:3A0E9E1388676424A5D3F23C23A251C2
                                                                                                                                                                          SHA1:719F3425FA6255561FEE23D6688A69A1FE3DCD58
                                                                                                                                                                          SHA-256:49BD4673A416AB9EBB6235F51FDD9E4F09CE1F00428DB0C541C249F9929DDF23
                                                                                                                                                                          SHA-512:A422103851E269482FA667FD149DF337D3863F850BE2C32B79790BFC906E4B429BDEF17EAE00C8978B76EA0E350362494953D7E394F813B43A677E5CB82E62E3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:]..@.*........-.J....G.....F.G.......c5.......%...E.....@.....p.ASWiSTRU...d..BrowserCleanup.ini%-{0a,.v.3...Y...I.X.E#..f.....}.m\.h..~...+|.09e.N~..{*({uq.MASWSig2B

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1068256
                                                                                                                                                                          Entropy (8bit):6.25247393831248
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:xAg2736UJeKSaEKqHbq4wTX89D+4TcmuOtU1dQ7E:xA1pJnSx1bq4wTX8Z+4TcmFtUp
                                                                                                                                                                          MD5:3EEE4838B06924D5E499164A1DE20A3E
                                                                                                                                                                          SHA1:A6F3D3E2A9CB292772F1C7F4C237718B4A2BBDAF
                                                                                                                                                                          SHA-256:1A78E88DCF5EEDDE1F27233959F8294B69B28CCF5439BD65ABB64D94B681DA61
                                                                                                                                                                          SHA-512:E61899534FEE47E694AB34728C132DC9CC55729BB28FD9B857A793E671985D935D7077AA0E2FF0D176166256ED41ACDE2184A1F2605A99DF1C0AE9F959376383
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........................................................................................y................Rich............................PE..d.....g.........." .....r...........}...............................................u....`A.........................................................p..............."...*......L...p...p...................x...(.......................h............................text....p.......r.................. ..`.rdata...............v..............@..@.data....w...@...V... ..............@....pdata...............v..............@..@.tls.........P......................@....gehcont.....`......................@..@.rsrc........p......................@..@.reloc..L...........................@..B................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 1068256
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):363623
                                                                                                                                                                          Entropy (8bit):7.999451395078015
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:RK6aYwewWxD9DZuhLC25Rm0mcfX1kWVin6fcdMV7hk2TzG0CUayibEA32iFa2:R1apePD9DZuY2QcfX+686US7h1TzgbEe
                                                                                                                                                                          MD5:C0D83C94E28BE46885BEFC75954CF343
                                                                                                                                                                          SHA1:E1AB83F40A0CA2B78691F15865F12636F4E5D2E4
                                                                                                                                                                          SHA-256:5142C917D08FA58767D5BFE12039712A2799CD79D6D8DECE576894BCA7822D3F
                                                                                                                                                                          SHA-512:E790AFC101658C88871ACBAA4BC55A3BDB1B720D21EF6723CA561A1C284B74BA5AA4609F6E918DED5A7C451A0BA0F21E5D832CF97871261F185C8DEAB2D48AED
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..L.......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X......k?....!.k..Z4L..?o....?..A.X&....K.".&.....)%n)j.2b...1..xwZ....I.(.Q..................C..)q^.. ...^.L.+~.<..}...7.TX........u.8M..T3.m;.... ...Wv.J^..n.f.........C.+..C.....Ry.v..+..x.Z>O....U........u .t..a..pQ..Y.T..w,..G/.s7..CgQ.7..&(.....Y.&.A...r....1.... .~F......B...........T.a.Oc...0..d/OW ......#j..'...F+.O......I..F...wb..m.X!....+v./3"8.......gCx....Y..fD..\Z.d>..hg..p.G0.l...r.....|bi..(..eN....&.xI....5Y.'Je*.3T.....*x...._k...<...9;E/Sz.....kg5...MJ6.#.......V_.`d....Q...E.3N..'.V(...W.LrW8.A..L.nh5.4..5.:^.2LW..JI...../..8]...V..x....Q...s.B.YF.y..."O%k..X.(.2.L7..5......A..B...yb......G>...S9n.hWIF...f.s...R.b2.6.u...W.e.jr....$....e..J.[.:.btT.".j..Q%..J"..g.a.5._Y,\w....na.r..B6u ....G.c]D......3......p.V..h.9I.'$.~....7...o.......%$.OC=...x...rU...1?NQ.3o..B......P[..uW.O..O...A...7kxu....-}q~3.~......Q.LM._.;...9..u..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):103648
                                                                                                                                                                          Entropy (8bit):6.195667678157773
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:PsEMdY59enGtW/zc7fKJP5MYEh1nql94d7ed:S4iGtAz0fU7ju7ed
                                                                                                                                                                          MD5:CD50E16876C1F6C9D298E6701542C98A
                                                                                                                                                                          SHA1:8E610BE20057D3D47827B29E9D0E47590C35C5A2
                                                                                                                                                                          SHA-256:4B3EBCA714DB750DEAF104F45F3A235731091669C4E0F8DCBA96AFAD2271CCDC
                                                                                                                                                                          SHA-512:AECEB71551D9CAD04A404D0D56BAD5FCEDCE7EBBFA2069287090BDC2E3D2EE63C579AA434EC5E05AF50D2E3A44B8A14B22B900479B0A74D4A26F479AD4E5D12E
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z...Z...Z...N...^...N...Q...N.........]......N......J...N...Y...Z..........[......[.....{.[...Z...[......[...RichZ...........PE..d...M..g.........." ................@................................................:....`A.........................................Q..L....R..(....................j...*...........C..p............................C..................8............................text............................... ..`.rdata..............................@..@.data........`.......@..............@....pdata...............J..............@..@.gehcont.............X..............@..@.rsrc................Z..............@..@.reloc...............b..............@..B................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 103648
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47913
                                                                                                                                                                          Entropy (8bit):7.996162103213019
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:768:fTfTFGrIeKbap6bJ0nXE50yFB3RpxK012tL7RaHsCSRbNGhorOtAoVHK:fTLft+4KXEBJRpo0iDCW4horOGodK
                                                                                                                                                                          MD5:B6629DF7058B4E69C497DCE5C1FAB29D
                                                                                                                                                                          SHA1:6B8B9DBCF400F46F701591B1F6B84F7F7E09B955
                                                                                                                                                                          SHA-256:A4FA25AC18776F3BB956C5EB785D0CDDA7A5E0104590CD5B267EC0158BA0DFD6
                                                                                                                                                                          SHA-512:1EF830329DE7FDE8DA67AEA2F0ACBADD1A0FCA7414D889DBD89419F6C47E5010FFA532CB4F2148CE4D3BE9F65EEE2AA41FBF47870C070E8F2228982548C4899B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..........&..p.........../D.|...!.6.uc..L..BW..........*....~..4.+mW....#.{*...u..Z.t.'.r......T......vJ.]].....-r..~.p...ry....%..o'.Q...W...M?].G....).e.l>.kE.m..O..f@..3.xPS..Fl.FOt.=....C d3......i..3.3...r.....>.PQr..U..*.k%...*.<.......O.....-...A.m.YI......?..P6.f.,B......+`.3.w.TsC.u7.>.Ez...W...r(uH..;4.%,0.....3Jvs..F..._..[U..G?..`........Mb..w......Fx._..|.._-..:..W..-.X.......H.T.).....-4.a....7Po15...f.6.l.C.iV...`.....i..Z..'.K*..l.^.JD...v..;.... .............\86..j...!.uy...~.X..c ...[..F...B".Y..J.tv.{...1.b......`.Y^....>...d.ox'.2Yk.i.....n..V.{...!.E.6."..cL...<.........KFJs..cV..P.'.V<..8.."..1....7.,....{.3......"{..G0......@Bl.....'^....7..u..&.....2.q.....M.&.k.k.:%.}..4.V{....]]..?...T....W.....au...2..........A.\6.... e.V......x.u;.:."...`E#.e..7.|rJ.W/.Z>P..wvn..Y.m.>.[....1....e...Z......$T.6........a.....5%e..V.g...#.....35N$..:j.....N'.._-..q......r..5>77f...W"..c%.......^v+.D4..."....+L...._y.Ft_M

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1939168
                                                                                                                                                                          Entropy (8bit):6.41298411154414
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:ZAGJlMHxUZD+1/59GEGjKYHiJ0/0iqRocc+4:gC+D9BYHFK34
                                                                                                                                                                          MD5:560E15436650CD78FF67300AC11E6906
                                                                                                                                                                          SHA1:4F791757AA5F8C87901FA73C22730BD007D73372
                                                                                                                                                                          SHA-256:32A00811469303853D0DB51C5F51623667E8D9F142F8F96BB7C1DE8013151CE0
                                                                                                                                                                          SHA-512:8BF2834ADF14245296C50D9F3B7F0C4AB42BABCB155BD43588B9B192FF284BF06D5A0A13C0BC46EF37051DCE7AA070397ACCB84E22CE957FD4CE3BE930B5BA5C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........N...N...N...Z...X...Z...C...Z........o:.O......D......%......i...Z...F.......@.......I...N...........W.......O.......O...N.j.O.......O...RichN...........PE..d......g.........." ................0B..............................................e.....`A........................................P...........................d....l...*.......'...L..p....................M..(....L..................@............................text...r........................... ..`.rdata...7.......8..................@..@.data............t..................@....pdata..d............V..............@..@.gehcont.............8..............@..@.tls.................:..............@....rsrc................<..............@..@.reloc...'.......(...D..............@..B................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 1939168
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):755645
                                                                                                                                                                          Entropy (8bit):7.999738396370558
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:X7Y3JSDbE9dv9xtn4SQo/jJPje7qVuBe65g/YwllEdWZfU5KSWdk8HkfKjbdhjPf:LYZSDbgdhf/NcHBzq37Lh6KSVfybPgdy
                                                                                                                                                                          MD5:7EEDD775E13A6BB329D30513E9C4BD79
                                                                                                                                                                          SHA1:1D31A1527839CA98CD8F6C0259D81EC86EF472DB
                                                                                                                                                                          SHA-256:5D5427FDD3DBE7B1972E8ACCD51DC8E603D3F5AA6B9FC1B68425D2E5D93F85FB
                                                                                                                                                                          SHA-512:46F449B3C24005D943105A4FA34855543F01D8694678D0E5CC3EFE797082407241A1F9A4DAA5EF141C0504A59E3CDD8684BE41B6C091C0C55DBA066BAD0902A6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....{....7x=.iU..qct..z.U..Q..k.u....sLu.cfL...h.......o.m.(.6V..jv..:.W^%.L..0..(@s..\/..ug.J....b08..2..u......... ...*,.:.|..\b.DX&.G.......As....V..W.. .*.B'H.....P.J'.i.K1....$a..i..A..S.a.....c...a..K(...Hy.9s...?...2..t.X3S.Y......FzE.F..ME...=Sz..l....'..(.U..>......:...DX.(...6T..5HH..wP...D.51..<.OE....d..s)..h.}C.s.N.[..z....5nZ...4...'.P=\;$..p....G......E.}..{x&.#3...7.^c.t*.#...?...X...K...l...*)..p.A.../.v...4._L.,.$.T...c...p."-.<...>.`t1....^.....e..x...lM.DZoK5..Sj6L.8r.Po.$.2\..s.k..0...8..U..z......2..#..;..p.F....D.|..&..[....!...a...I!g<.&{\o.&"..twj$`i9..H..>>..}.$..g......Wglz5WV....;.F.<.. .Y...K..tU...x.pe.d!Rh}..\K.H...k4....i..O...9.8.6.y...F...-....T.>R/......z.1..].nz.pP.......Ql.UD..1.g._.~....0.f....m.............z..........W.z0U(....yDir5.....z.....".?@.?....2$..........S=^.q.$(.[(..N.S.2...Qr...#.'6.b..{..=....

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5553376
                                                                                                                                                                          Entropy (8bit):7.985234413492871
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:bZ/VSf0JyAXlnqg5YFKhC0szInLQYVt5vWgAQc6xEuGs+9:bZC0gwlnTYFKhC0suLQYVq1Q4uGR9
                                                                                                                                                                          MD5:806D9988AA2D554F347C868D4F673500
                                                                                                                                                                          SHA1:18C873E06BEDECF086BCE677833F32EA8A9791CA
                                                                                                                                                                          SHA-256:BA25881FD19FDD6B5AC87E50C87411E8D7485BD7F3587E1EEEAB0585C99EF9CA
                                                                                                                                                                          SHA-512:B1256662AF428D583E41B7DF169F9BA28154F1362F57447508BFD314936DF40D55E1EB3DCA705A1D5B2D5CD265BBEF50825B731731574FF62906DFB7C0D2D646
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................J...............J.......Rich............PE..L......g...........!..........T...............................................T......U...@.......................................... ...T...........T..*..............p............................................................................rdata..............................@..@.rsrc....T.. ....T.................@..@.......g........*...p...p..........g...........................g........T..................g....................RSDS.y.5..@..)0..|n....libwaresource.pdb.......................GCTL....p....rdata..p........rdata$zzzdbg.... .......rsrc$01.....&....T..rsrc$02........................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 5553376
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5525694
                                                                                                                                                                          Entropy (8bit):7.999962255984575
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:3UCsWXDqcxMKnCd+7ZQUKgcTCf7uUTv9BFMVuKemWRci3Z3mQblMkSzCuFE:3UCseDzltUef7dJMVufPRP3ZWUli/+
                                                                                                                                                                          MD5:71F433C9382D3BB96B1ED2165C06452D
                                                                                                                                                                          SHA1:C8D537B711C749805D6DF00EDBBEBF9EB34CF669
                                                                                                                                                                          SHA-256:A686B0BFF2C2E4C39B2FA19D5D79C9900F09700C83FF861069471BC92221F5CA
                                                                                                                                                                          SHA-512:B792F2FC4845FC9F8F930227AF0ED21EAA47864A562C2D77148375D0498C04E22C8D51EC597DDAA829E0CCAEDA3C791458AD1EA4D541C3DA18ED48EF44B57622
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..T......&..p.........../D.|..<...L..j!..@. Iu.u........qm;.7p...7.(...`..W...i....x4........l.~..41D...=..J..`BMC.7./.k%y...-.U^.....(.]...Pd..c..F.....&M..})....+t...z...1A.^.A..a.-.M.3J..4.)=?P.....on........\z%.%.......WB.....Ff.......,&....l...Z...^.g....B..5..YO.a.{O.4.B2K.q.Ce..+$N.....`W..Q.#..O..\}wqv..*..#?....d]@...)...J1.@..8.0-.;.9Q(#fk~...G........k...H.2'!..L.k..yCy.e.=D..`.L.sb...t.<..h.B..t....$.~._Xk.q?.....b.]}=.z>..."R...%;.U.]g..L.(.....]._.....m.JEQV...@.u~A.....*...vu.;.+B...e..s.....T.f....z\b|...:........X..{#.r.E_v.U.r.1........Y...*..z...}.....X.*.W...H...zx..A.`..v....T....E...e=.<...G+.Hx#oh@...I......I>J.&kM..Z.P.x..tJl..=./...}..c\......~L..-:.c....GB.6.Fc.:...e;.R'n.b)Z%.y^..7.$...D......\m...\.Y.Fc.3..kD..^R..y.......J....~...PC0.)j....U...-.....v..Wp.;T...../.j.o.I>Q.=.]O..K.....R..RR.......w_9...P....uZ.Vz*...X..z...{...r2...A..b...C._.b^C.8....I.S_.V..$#.....5.}.M.X..%s.ui..^?(.../...8..G..F.<..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3687136
                                                                                                                                                                          Entropy (8bit):6.266368108850902
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:M5MVHkXXl0C5Hw3mPgXDU5w5jlryYdq4wTBCBkS8Ft7wBO+iKS1cKzwJ/8:MGNcQq6xBkCO+iKSh
                                                                                                                                                                          MD5:CEB5EDE01129C47FD048DC779766D5A1
                                                                                                                                                                          SHA1:B4DCCE1D0DFBC58EDAC4674A025354445FD79162
                                                                                                                                                                          SHA-256:7CA2E06A57C965CD365DC706EF484476F6A7442EC0FEC76C859014994B394C61
                                                                                                                                                                          SHA-512:865C905EBB9A87EF6CC6C1D2AEBABA54BEA649783DF4101DC26F6B326C41798C0848F5E2F6642047A9BCC40CD40D9CD0DD148449E595530075B69F40FF5619FD
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........m....................x...$.......!......!..................!.......!...............~..}.......!.......!......!......!............!.....Rich....................PE..d......g.........." .....$#..........|........................................<......)9...`A........................................p.3.|....5.......<.......:..n....8..*....<.,+....+.p...................p.+.(.....&..............@#.......3.@....................text....##......$#................. ..`.rdata..@v...@#..x...(#.............@..@.data.........5.......5.............@....pdata...n....:..p...`6.............@..@.didat..0....P<.......7.............@....tls....a....`<.......7.............@....gehcont$....p<.......7.............@..@.rsrc.........<.......7.............@..@.reloc..,+....<..,....7.............@..B................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 3687136
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1075166
                                                                                                                                                                          Entropy (8bit):7.999841245759444
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:2VFoXlVvphGYcazuXDqqrWThMqxHrSGm7m6Lq+DOmoxXRg4S:2ViphQaiT9qrSGm7F3HoVRTS
                                                                                                                                                                          MD5:D10F6ED03BE2A72DC864B869A65D99C5
                                                                                                                                                                          SHA1:4374E7B2B7041C9C8381876292B909A0CFAE5EF2
                                                                                                                                                                          SHA-256:E4FAF41AECBC6E323972AFFEEB16E11A9F44A15B31E5F2DD087CC6B06B3498F8
                                                                                                                                                                          SHA-512:CE8BF6D103DA4FD775C704DB21423B91009F4BF6F2BBD591FCC871CAF47997F54A7469C99B2257E8AE7635F0E19ED2ED42BE533817E884C88E547A29754456A2
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..B8......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...ax......R......:8:Z.8...&... .V..V?.$:w.I.C..u.!....8_..w..%l......M4..:..5..3...,S&.."....z...P...n...l.I.d..E....j.L....X..$........z....J...JY.5..&8....N=.....5.3...54...Ac<Q{.K+0.....T.."....w2....I........jp..S.P.$.v_.X.x.'.FkXWez@....Q.l..A....v....8Z...[G......QR6..R..l.ANZ.@..-P..Qk....VWM...`.]..d.......e!wv....24.^e.3..V...o7.vw.xu4.....<....f@.S.|w[.c......L..Zf...$.g..6....5..X}.q...Xwd....'"..(6..2.........Ke-..6.h.....3h..`....r..[....|b5..p01uf.`1...{6.6.C......o..e&.=........@q.....`......6n........3<6V&.-9r..\T./w......u7.L.8..j.I0.#..a...W..]..@A....>..Z..%.S..S.-XY.........Wpa..(.z...y.uQ.....s..E..11......kK7....J@~...QH.R...k..w.R...).p..q..7....3..Hs.BhATi.H.%k.........$~D(D...p.M..*...W..5.S.L&.....R.B$...L.....)/........y.N.cA.8.a..7.?..f..#i..k..@.z.f..t....M.F..h...s...1A..}......Z.7.=.vj...P.8....t&.c.4.2 Y.....'T..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5191392
                                                                                                                                                                          Entropy (8bit):6.269190421422258
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:RYzlmyFceO5NQpafVmSnVtKw8N6Xt00+I3u+Mm:RYzlmymeO5mpafVmSnVtKw8sK0ZMm
                                                                                                                                                                          MD5:7F53AECA6B9A601D957AFB91C8169FA6
                                                                                                                                                                          SHA1:68DC9B27924AC2BDBD5E57F023573DC49D13C2EE
                                                                                                                                                                          SHA-256:471077CC29241FFFACEC8BC50EA6A9F976ACA2E0A6375F4D231978C38C89BBF1
                                                                                                                                                                          SHA-512:EAFEA98D8CF17B46D2F367FF548DF432F8CE6C39A82267CE1FC6C6CCF9D2CAB098CFE12804BCDEF89F2764424DF3E087B0A714FE4113BCB1453407ACD6F5C18D
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........%r.pK!.pK!.pK!..O .pK!..H .pK!..N +pK!p.!.pK!C.H .pK!C.O .pK!..M .pK!C.N .pK!Y.J .pK!&.O .pK!'.O .pK!-.O .pK!..J .pK!.pJ!.qK!Y.N ypK!Y.K .pK!Y..!.pK!.p.!.pK!Y.I .pK!Rich.pK!........PE..d......g.........." ......8..T......`.,.......................................O.....,<O...`A........................................`.K.....(.K.@.....O......0M.|0....O..*....O.(,..`.@.T...................X.@.(.....@...............8.0............................text.....8.......8................. ..`.rdata...f....8..h....8.............@..@.data........@L...... L.............@....pdata..|0...0M..2....L.............@..@.tls....a....pO.......N.............@....gehcont$.....O.......N.............@..@.rsrc.........O.......N.............@..@.reloc..(,....O.......N.............@..B........................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 5191392
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1504080
                                                                                                                                                                          Entropy (8bit):7.999871683214955
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:RCSVvBkkoviN66nTugo/k0JI7Yuk5UMxJEALBNGWy3t9OMLCyqikWx0KKjsfvC:3kUNQgo/kvcuk5UeEtBWekRdp
                                                                                                                                                                          MD5:D7C228C03712D0EF557DD3522CE8424F
                                                                                                                                                                          SHA1:B77995BD36C68A8A4242ED87D40B255C3C57BD21
                                                                                                                                                                          SHA-256:B199DB026BF421C72F4CA39482B7DBC20568AC01266DF11FB4A87BABCE9A54EE
                                                                                                                                                                          SHA-512:D0F29E79BF6D775283EACCCD68B0FB84DB65E722FF4E5EA9AE327ACB4C97AC1CC02E4739037AA381D6A458147AF0DEA3DE7812748B04A74A983DEA25A42D17EF
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..6O......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...au...!X.Lt.I..ge...c.<.%..<ktVr.Z.]...9..^..`..A. ...7J..y...#=Q......BL1.V....U..$.^.;..vN-`..9Lzk.(..m.".!0^.h..*...... `6.S].pK8:......]y.kj..h..o.52.uT0...0^..-F.s...21..Vr..F...V....U,.....8..a....?......X.1u.A.QAi....._.y?._....S...\.."..=i...6/^.mS.\9.!.0.%U.lm....`..@.sr$..p.|..*.c..V.b!...Z3I..h...y.Qs..G......o.."D...@.Q..X....H.#"...x...1P...&.-o.%.7......x|...%.3......#...N..a.p}...(Q.Q.a....jb.....i.s...Y..:..Y0....>........gB..../rL2l........ln.?.......S..mo4....Dk...R._G..Wn..-.. w..W.V.A.R.*.(kV..~.g.7g.s...n..k.\...C.+.k..K.....R.b".....suW...6..h.[./j.H......n..0..'.v.u.:.a.+s.{....6Q.I.K..>*...8..*.j60...[.p...g.P#....Q..(;.............I*.r.UU.....54...n..4.z.OF..-..@M.....3.9..B.ER.lSd-....f.R..p.]u...._..-\.....J0m....qTw..L...w.......I,[..........x....q....1..n..uC......L.0e..../Y....s.Z.!.+.\.7.....$.e.C.....L~@.....M..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\setup\asw617d7505b8724106.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21873
                                                                                                                                                                          Entropy (8bit):5.690464339074782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                          MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                          SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                          SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                          SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\setup\config.def (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21873
                                                                                                                                                                          Entropy (8bit):5.690464339074782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                          MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                          SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                          SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                          SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\setup\config.def.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22038
                                                                                                                                                                          Entropy (8bit):5.68898765386383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:DdJqUXHtpV2gGJi0YiwA+T4b3p+gJBG1srr7dld13eicHoEIks:TqU9WJi804bXBWwL13enHoHks
                                                                                                                                                                          MD5:EB4B78EBFB796B32E09981C73F576AAB
                                                                                                                                                                          SHA1:3C6C28C88AD5D385F9B0DEE1F50E5D58B553AA77
                                                                                                                                                                          SHA-256:A863C196CB3FD213D972966370747BFC3AAC486F6054A44FD80BBB4F2D488C0E
                                                                                                                                                                          SHA-512:24EC3294280D620D19E3FDB631449F32212ABDB0618DABAA2173D23CAD384D35637C64F23C074F27C566BA9FB84B4A14E102E018E19C6328EF9609BC69076AB2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInter

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2725192
                                                                                                                                                                          Entropy (8bit):6.499351150831322
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:6FMG1CllYiY3TN5SxWC6ppkviShWIGrqw/1TQr:OQb6Ty6ppkviShWIS
                                                                                                                                                                          MD5:548FF176E24CFC2401CC41CF9CB9F3B8
                                                                                                                                                                          SHA1:1E2F8ACAF53F0F4BEBAC71B280362DD86AB24702
                                                                                                                                                                          SHA-256:0E72FEE6FB647EC817D64221319944C6E74A90925EA03AA4E88F0B9D69BD663C
                                                                                                                                                                          SHA-512:F68E88495691AF112CB9708C444173CCA68795624C699AD5FE54F8072E1087935964B32A8900F74FE826DC372AFCA5814958F282D54624CA5CEC904E1869A419
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........q..".."..".qi"..".q.#..".q.#..".q.#.."{..#.."{..#.."...".."...#.."b..#..".q.#..".q.#.."...#.."...#.."{..#..".."Q.".q.#'.".q.#..".qk".."..."..".q.#.."Rich.."........PE..d....N`g.........." ...&............`!........................................).......)...`A.........................................y%.`....{%.......).X.....(.@m..Hj)..+....).X"..8.!.......................!.(.......@...................Dq%......................text............................... ..`.rdata..6...........................@..@.data...,'....%.......%.............@....pdata..@m....(..n....'.............@..@.didat.......p)......<).............@....rsrc...X.....)......>).............@..@.reloc..X"....)..$...F).............@..B........................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2725192
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):879506
                                                                                                                                                                          Entropy (8bit):7.9997702134486905
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:oRreJDsijFVA2kBdzSt4xU5uXRl0qN5QJqEKULX:nJDs+kPI4xUefqqE1X
                                                                                                                                                                          MD5:13FEF5DF45D723C40F1C2F7D17211648
                                                                                                                                                                          SHA1:2D3BFD84484B5DC061349B9085AE17A90E0D1304
                                                                                                                                                                          SHA-256:D8FD9740CB2FDBD0DE996748422CBDC93713EEE0FBE95D80D52A524F9DDD8DF5
                                                                                                                                                                          SHA-512:6C65CAE08A8810A5665BD5C979AED5FB88D2F5EA862DEA2D770178F67671C5937A8B27A2B62166E02F06190F2DA10D3C3715F2BE669AEE0ACE821ACA9AE8DAB1
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H.)......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N..........Q.o(V.JW .........oc)...fL...+=..=.?..#.......2..PF9k.-.+.{.d...IW...N.V.may....m.t..,.@.Z...... ....0..p....c..1...... .$M..51.|C..'....V..L.....n {1...\....^.bNp`(?..K.k..@...l...x...^.9.9...}/Di.J}...Cg....l5...'.<YL..>"".........?g9..=......k3..+.YVP.....y'.u+n....A@^............N.V..6~.;]....-...~.:.....BJ.|...}+~.....#...^..;9...y{]i...\......TwF..x....L..C.........Q...k.....Yw@~...3..|...j0...\..b...V...e.9.....m....:..y.G..Q..2...9C.....Y.i..SOM.1H+1.........z.?.t.R......._=Y..0y.$..N..b..k.U]G.1`..1.b.V.g..U....\..."=M..\.-....k.\...DkL..g............0/......s{..ZG.\{.....)+...mn/}V:....N..1nvK%....-9v-....jq.]....-..v...!..Y...7.9.A....u.5j...a.........I.:y.`%vFg..].........F7......r...8.3..hj..V....R._.-K...%Ko.Y|{.;.=7.4.Yg..}r.A.l.5..O<...^..G$.........2...Y......OQ..Oq"..u\..VP.h..1...5h-.....N.zI7.i..n}w.!....B....c

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):253256
                                                                                                                                                                          Entropy (8bit):6.791883910972933
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:hPNKzt1lvINhb/v4ps8xph0LR/hSMXlk4ZqKFya5XB67TT173cOMHo67:9NMtrI7bcph0lhSMXlBXBWn173cOk7
                                                                                                                                                                          MD5:FC290ACD457E70A34FD9B81D153A696D
                                                                                                                                                                          SHA1:A0B8BCFDD45A002A0D4D26F3D0894BFC82050670
                                                                                                                                                                          SHA-256:465E3D7A6797FF83EF9CDFC59F3E18F5E6D9B7D2AAD9DD007CBD8676BEA8369D
                                                                                                                                                                          SHA-512:4E4A07680E48537CCC6F2709355FA658334C11F726924F0A1D512A91E940E01245BEB64C3EC149C1C5D0258C353D9CEB42572BB3FE7835C1DDE568E92981F0C2
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........E...+...+...+..o....+..o/...+..o(...+..o*...+.z.(...+.z./...+.......+.z.*...+..o*...+...*...+..o...+..o"..+..o+...+..o....+......+..o)...+.Rich..+.................PE..d....N`g.........." ...&.&.......... ................................................?....`A...........................................T...D...........0.......@...H....+......$....f.......................g..(.......@............@...............................text...[%.......&.................. ..`.rdata...a...@...b...*..............@..@.data...............................@....pdata..@...........................@..@.rsrc...0...........................@..@.reloc..$...........................@..B........................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 253256
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):90557
                                                                                                                                                                          Entropy (8bit):7.997811962033521
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:1536:q5Ja9ahrtRIbM7vz0UcLmRmJ+t5tRqHA+0FVwScFxlgjeVFB6IXKY1XnWt:+ntDo8Ro2tRUA39V6VFoIfXW
                                                                                                                                                                          MD5:17DF1531F7CDF68F1C01A4C2A21A9630
                                                                                                                                                                          SHA1:88CDD3FA3A00F03CC8C48A03331B8D0EAE3FCCEF
                                                                                                                                                                          SHA-256:C4CE435270A1D76D63833E6063BF0F8CB50A92F7B996F3E8116005772A2D396E
                                                                                                                                                                          SHA-512:3D0FD2645BBD66FB1B1E14662E5B339E1D05B67ECB390B3321A9FECC96CD091073E522C944FBB400D0BFB2A786FDB60112EF8793A5708A6A8780B05FC384DAB4
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../..gK.....J(a........J".......7o...p.f...q6..H....B).^.k5....tS.tyg;..k...B.^fW.5..kD3.U.KN5.6..6..&.7`1P.p.]........[..<.2.)...2..Kdy:..\..Tl..F=..*.......y....n..VZd..v..L.....s..K..5jMJI...i..B......(......AA#.:....=;..w...z..f.I...tw.5/K....F.D..G..U..[..4.........65.WE..O....0y.[..X.?.0..H/1~.D..4.5.........t.X....2.U;......;.uM.x..k...W...MW.!.....l....^...;C.xT2..J... .7..M.R8P.a...6..3....q.]Q....1@.V6z.\..e.....g..z..BR.,......Fl:Dl....W.F...io........s.@..3..Q:. ....<.R.c....w.d./..o_.r..........y.A...}.H......ix[y...L;.....S.-.T...$<a........f.Q.)......|..@..l..8....J.[p..3..Gs\<.q.1.n....;...Wt.Vb.GZ......4.mt7. 3..4X..R%....B....h...uyr.4.^.'...........gT..a...\......A.......a...."`.K.`Y..|.8..U...'8...yb....'..{.S.h.mz.;.4./T....<........~.zo.r...2~.............T.........)...]....G?.b.]Q..)`.>..Eo...8u+[...u...?.Aj.qY..B..X.f\P.J...._..0~8.

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1629000
                                                                                                                                                                          Entropy (8bit):6.532447463222375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:yJhqUXbHEDQSxQ8DbDUeqQ2h0lhSMXlutveynaN7:yDTXADQQrbDUnCQve
                                                                                                                                                                          MD5:8ED228055F4A834AD15D8E9F32223941
                                                                                                                                                                          SHA1:9BB77A691BE8C19EC89603F7181BD60EA4FCB59F
                                                                                                                                                                          SHA-256:8BC99C388A6901D489FC76EA798147C4325864C42D341C8EFC22D8E26EBA45F0
                                                                                                                                                                          SHA-512:B12AAF657B9B2B5B4CD023AF59FCB5EED5A99AFC4EA2406C9085BEC1BE19598A666BE9539D6550C1D5B009746FDFEA4C48F510D7B3750DA316AE8D3D4125EF17
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......8.[.|z5.|z5.|z5.z..}z5.z.1.tz5.z.6.xz5.z.4.tz5...6.~z5...1.~z5.u...jz5.z.0.Xz5...4.~z5...4.vz5.*.0..z5...4.iz5.|z4..x5...<..z5...5.}z5....}z5.|z..~z5...7.}z5.Rich|z5.................PE..d....N`g.........." ...&.............v....................................................`A........................................p...t..............`.......$...H....+......H ...8.......................9..(...p...@....................... ....................text............................... ..`.rdata...7.......8..................@..@.data...............................@....pdata..$...........................@..@.didat..............................@....rsrc...`...........................@..@.reloc..H ......."..................@..B................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 1629000
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):451836
                                                                                                                                                                          Entropy (8bit):7.999584425867543
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:eqdk18/jcYLhEEWkXF5iguYPvMWiVdoARDZGJy1Bzc:AW7FhkkXVucvMWiVeAhYJ5
                                                                                                                                                                          MD5:B98B07A01E6133AB3D9589050BAFF66E
                                                                                                                                                                          SHA1:B3190121C7EDFF68A57E4B5BDA6ECD24134B52F4
                                                                                                                                                                          SHA-256:77EC5B99B6FB9537DF3DF18F55DFA88C8416D3A0537FE93B038A6070DE202D1F
                                                                                                                                                                          SHA-512:7933DC5A0FA55362923E19E22E391E0430A8992ECE5C1842A271BE5027736154DF383F4797DAE1243A84EB7702270E7EE15B1324FCAC1858E6BC2CE77D77042D
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H........&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X....|g.=.y...w.<,.?..U..x_XdpC..k........ku..z....l..v%.f. .B...{rg...+.t0...1...9..g=....<..~..Po.0....#....q....i.!....`9%..,.%Vqs.O.V0XKg.H.v...).9.f...U(t...kY....`G.C.ML...@V...;...zS?K..l....j..fY..YD..P.g...(.=..L..Kc!F}........4...cR..U....lp....4...=.a...y......VL..|......<......z..o..?4r#.z0.y...jx.........B+HA.pZ._..U.x...vE.,._.zf.*...Tcj..(g..n....*~.}.T...*.i....f....}b.9.6... !-z...3d...}...J6?.2<..@.|._DXy.%.{..C...,..gj.f>j.. .jM...B;{..GR{H4..#..f...p.bW=.&.8.'O.....].>..NC....._2....g...h.F....y.zuM...0.myU.5.WE.......b.~..R.b\#..p.s....Rj`,S.qXi.BFB(:G!Y.............9.....X......P..E.3.I.Qw3.:.,.N..ny5.{.h..W..E...c..~.3..l.f..C..p.@.p.....}_..Qs..kx,0.b.3.".g?,.....+s.N.e..5..... -.xL.3...]....lq....D....&..v.....CPX.L29.......j....$...pW_.b....6!. 1.?....(U..H.....s?.}.F.w.....UI.4...........3..`.4...te.r.rB6B....k...]...>...._...;..

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4927304
                                                                                                                                                                          Entropy (8bit):6.494068924919758
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:k2dLHdl4jqTKaYngG3jHB1uhpU6Of1M6gBlwmN/CJXcXgI7sg8Dn0i7GVBdvKARU:8oc6S641cBCcQI7sg8Dn0i7gF2
                                                                                                                                                                          MD5:21AC48F95FD029C9B64EEF0D35990E95
                                                                                                                                                                          SHA1:7A5BF5D15FBCEC71D416C9B068CAD78EF19A03F6
                                                                                                                                                                          SHA-256:F7B15C8F64E58CEB4118C1333D9255364CF02CA4D257BF06333FA4060B72E34E
                                                                                                                                                                          SHA-512:688BF2A9E53EB8073E1ECD88FDEA4F696B1CEB5620BB95A1F8BBF8317C86C16802E41E0D2D64CB3AD7D391584BB9C5C29F8A77AFF8CDCA44A33F2C5EDFADE138
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........LSV.".V.".V.".PK..Z.".PK&.\.".PK!.P.".PK#.^.".PK'.n."...&.W."._...L."...&.L."...&..."...&.W.".V.".P."...'.U."..#.T."...#.s.".V.#. .".<K+.F.".<K".W.".<K..W.".V..W.".<K .W.".RichV.".........PE..d....N`g.........."....&..0........... ........@.............................pK.......K...`.........................................0.?.......?.......J.......H..Z..H.K..+....K..g...8.......................8.(.....2.@.............0..............................text.....0.......0................. ..`.rdata..Xw....0..x....0.............@..@.data...df... @..4....@.............@....pdata...Z....H..\...8H.............@..@.rsrc.........J.......J.............@..@.reloc...g....K..h....J.............@..B................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 4927304
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1395094
                                                                                                                                                                          Entropy (8bit):7.999867387001488
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:eUoVPFZCbRGSVFl/AXB6G6Z76oBibe4wiEMBcdIsV+ixqTLca:eUoVFcFGGAXB6GrbFwpYiUfD
                                                                                                                                                                          MD5:DD70ABC3A0B465BD7FE9A913CB95A451
                                                                                                                                                                          SHA1:2FAEB5050B8EDF20CDA0BB8727D132EA23DD9E9A
                                                                                                                                                                          SHA-256:A9F406654BADC9805405452F00B831861C58181C7663AE6C6613271C2EFDC654
                                                                                                                                                                          SHA-512:E81D5B82705652B1EF122AFC99B3241C64F46F82E83EF67007467DEB8A19E5B6127A56F50DE123318E59B7CBEA6F235969EF7472E532FE1E22EE910EEAF5C2C0
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H/K......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N.........{>>]@..x)pz.......S....*fl.u.B...Wi.5...y.w...G.........C...Mg..a....~A..df.o.&r.-8..P7....o..&.~C......W$yY......%O..,.a._...Y.p.d...Zn......Vh.J,.='k.....a..h.i. ...7.%.-u}..g\ro...p.h..QG6F"..mH.TdK2k.=/v8.5..-..Y4w...C.....C..o.e.-.h.Mi.vq....3.w.U..i..L..6.|.Yl....s............z._...O....MCl8z~.......uR...|I...M..m.L*....F......@#.v..<..5j...K.s.i.o+w...-.(.....;......q....;Y.O...A..l.A<.~...CP..Ci:V..z.4.*..WK.$m...HF..B...9r..* ....).h...|/...Y.'..D%....0...x...n..Fa\7@..eP.Z....y&......... ..5..n......?..h.T./>.....A.H.y.....3.....J.c.r.*.an8......<..h..:.@.G_......JN.....f..f/. ...&.|xy....F.x.5.....?....?w%^.Q.........J.;.wrz.G..)-s0R...N o\.>a..Z..(.9.8...CPx..+.w..=...L.4s..J.9.(.2.>...\Q.....b..L..:.8.v....!..g(;".5D..[(...e4.'.KG.&../8...qq11oyz....Y.6.i....I]....... .]4.>P8..rz..........aB..\Z..6=...V..8w...r..8;Q:....Jb/*T.8

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2297056
                                                                                                                                                                          Entropy (8bit):6.638268199451772
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hBpuZldQQkAezlT+p+alTW5zl+tT1UFq+s056tA25NHiRWuGJybZJq75Yw:hvuVQQk3A346tL5NHivv0
                                                                                                                                                                          MD5:110506E850B169EF9CFCD662A8CEFD5D
                                                                                                                                                                          SHA1:7F1DAB07E5FAA8C47B73F9BE2D6D1060A858DC1A
                                                                                                                                                                          SHA-256:91C3ADEAD22B2A7914D395DBDE1F78CFA6F71B9463182993DA064C9EDA137249
                                                                                                                                                                          SHA-512:091ABBBDD187C61ACA44B8C6243398C98CA08FFA39FC3889E0AE4279B2E94BE386CF3FD45A1C581BE7130FDF55AB8D139BF82D7362088F3D2AAA5CEEA4DCC162
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........p>...m...m...m..lv..m..l...mVn.m...me..l...me..l...me..lA..m..l...m..l...m..l...m...m...m...l...m...l...m...l...m...m...m..m...m...l...mRich...m........PE..L......g.....................X....................@...........................#......#...@........................... ....... .......".`A............"..*...P"..%......p...................p.......x...@...............<...l. .@....................text............................... ..`.rdata..zp.......r..................@..@.data........ !..z.... .............@....didat........!......v!.............@....tls..........!......x!.............@....rsrc...`A...."..B...z!.............@..@.reloc...%...P"..&....!.............@..B........................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2297056
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):887276
                                                                                                                                                                          Entropy (8bit):7.999768856820654
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:4t+kE4Mrq6Tx5itLM9D9ynUrRsdwhWuQmbaO8joUr9k:48D1u6lAtLM9DAnasMGO8Mq9k
                                                                                                                                                                          MD5:CF482EECD94B83CB59143061034A96B3
                                                                                                                                                                          SHA1:242E8D8444731C48D7C0215A01A722729061870E
                                                                                                                                                                          SHA-256:59E52C257532FE32F6201E00DEFC51C3F7598399C18D6D90D7E67EDBDC02E3C8
                                                                                                                                                                          SHA-512:20AD806A45B9FC2EE207033D47F2FC3656C26207DB5E946EC5117E304A5F5B32C86BEE9E47648E62DCA83F5B7E505E3333F147C895262A79A8ADCEA74EF27800
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@...#......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.......b....<i..>.Z......Z.....i...i..<..5..gI........Ux..E.....{7.8n...6...&Bh.!..AU......OG..|i`N...5..Xs........9s.K....t......$lz=.wl......A.Y...D.p?m.O.6...t..;..qETG.pl.:m&.....4._...'..O....i._<.....GrWHF..&N ....n....m......,r.=.....qO.Z.YUK..t.AY.f]..o..TQ.......G..a....q........a..$.....x.....x...P X.H.&..xX.Q.Y..#...9..i...y......a...g\.G./.z....84~U.o..Y...J.....rI..a....~.%d6....+I%....e....J...Q3.W......q(W....m...&a...kl......yK.].E..}.L..;G.......>..H.......E-.(`@.d...y..&O.G...5..s..~..G.Ma..d.....#a!.s...u.R`O..8.^.4..9.ty....8...ThZ..x..~HmX.L.........n5,......$XT.?1F....e..l..O..S.....[.Ir..J.Pd...H..H.{......~...#..^.u..)...f(Q.b.v..R<......u(;.L..K=..p..E.Q.0v9I.&F-...VP..~1#EB%s.q....yw.F.s..y..=....".z&.v....iWV..OQ?....)w(!.h+..!...+.-.P..$.&.. V.1..0...W.K@=.b....V.r.\.d}.!....,`....Ts.X......t.7n.5.x.o./..9.OX..H...xRD

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2892512
                                                                                                                                                                          Entropy (8bit):6.399881569757676
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:XyWKeLO9VgpshjgKyycgwk5dB8sd5ICqM:XyWdpFvk5RwM
                                                                                                                                                                          MD5:CD457186825A4D00D4204F8750E14BA8
                                                                                                                                                                          SHA1:FE619166CF445344B499E42ADA7C8A2514782DF2
                                                                                                                                                                          SHA-256:9CD44679F177066F4F78916AE1017CB35B265271FECB84B8AC0513EA881AF740
                                                                                                                                                                          SHA-512:90D396FE84CB8C4C42D91704D8C29BFF8B16FAC21446F6B780F47E124FA8E633A81F9ABA2DF41AB915E363A00B5E5DC5670C07A1AB9ACFE5B985F3ECB3D93EF1
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........<V.noV.noV.noB.mnZ.noB.kn.no.#.oU.no..mn_.no..jn~.no..kn.noB.hnT.noB.jnN.noB.onG.noV.oor.no..jnE.no..fn..no..nnW.no..oW.noV..oW.no..lnW.noRichV.no................PE..d......g.........."..................?.........@..............................,.....C2,...`..........................................L).X....Q)......0,.`A...p*......+..*....,..*..p#%.p....................#%.(...P."..............0.......L).@....................text...<........................... ..`.rdata..r=...0...>..................@..@.data........p)......\).............@....pdata......p*.......*.............@..@.didat.. .....,.......+.............@....tls..........,.......+.............@....gehcont$.... ,.......+.............@..@.rsrc...`A...0,..B....+.............@..@.reloc...*....,..,....+.............@..B................................................................................

                                                                                                                                                                          C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2892512
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1036251
                                                                                                                                                                          Entropy (8bit):7.999826702106487
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:9HFmfultzZGI5OmX7FrsiLfLJ/EfZvCufrMHIJ1jKklhv4LtCTo2:9HFO4ZxrFr9LfU8Tu1jNv0tCTf
                                                                                                                                                                          MD5:CA53DE839D5C970715C9194CA6CDCF57
                                                                                                                                                                          SHA1:E2068FCB296C5C7C787B3E40330721FC15E1CCAE
                                                                                                                                                                          SHA-256:A9CEF2B3C55194A08DF3580725914B9BB39E192A4E0607B39FED064DD18B7362
                                                                                                                                                                          SHA-512:858D3F7EF81ED5F44A9615E7258823EBECBB837DC08190885ED222C123124116C6B89DBAA822CE5F825984FBE9316B0FEAAED0C1B5D7840753A9CE6F7DFB5C31
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..",......&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../.?q.......s9.T.?.*...1..,.q@..<.0.M.....X....>j{.2hQ..X.....o......'4.....x..>...d.l.....8......,0.)..I2.h..K.(...i_.F.}..E.R.9.........O.....y.]|.I.W.^....Gnj=#W..a?T..Y.........L.f.:.F..&.eJi...Q!n...=?.:.]..1.C/...{..ynC..u..4s`Oo:........x...t,A...^..1.;.......NW....$Q..@....".@\..,.b.d..q..$VvY.~xN[.....3=...p%$s...1.6..t}.;E.~..RWr..........$..|W,....;.ah...=E.4n_^...e.!..9K$..Y....O..,.E....l..SYZ....=..p};xEC.....x.=....D...q.yY..q.-.u;9...8W.....7>..oG".p..x?.......O......p.X...o......qjfJ..Q.D...........!..c...C..........bOa.......z.%.D.b..WP..0.y..X.yEX..a1...P..).,l...mV.....}.......2Q.....x.g..t......N...*..Z.`...9..iZjmK+j.0)2..LP.....q.............(....J.3.......I.".w..K...F.AH.&.2.3}E.....e.......<.....)...%>*...(..-......bw,..D..,.Z.$.U..............W_.Z.i..U9.{....$8...b.b......=Y._......:.>1.....S....[..5......q|....).

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\analyticsmanager.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 1873389 bytes, 2 files, at 0x44 +A "\analyticsmanager.dll" +A "\analyticsmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 167 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1884085
                                                                                                                                                                          Entropy (8bit):7.9996505622372345
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:LlNi5UxPyveWv1Kq0bsw2m0ynXCuTDEU9t3DupTUrhGB/34WSID:BNi58y2qK7CynBTcp2s3pSID
                                                                                                                                                                          MD5:D879D97ACF98B6EC553731A91D9FCD1C
                                                                                                                                                                          SHA1:B001BA483BDB22E75069BE626946C9BE06AEA9F5
                                                                                                                                                                          SHA-256:D5D6D579965CB2E231AF81A2BF60A39A1955EC3782F27D9B1B8177F87B202C94
                                                                                                                                                                          SHA-512:0514F7F80D7D2D05F949621B80166602096130DB5F18C6099C35A0EE18DF8EAAF056557F24DE1D2B7C5C4817056B4CDDDA42231243FA35B64BD1853558FE4236
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF...........D...............................)....................S........YBq .\analyticsmanager.dll.......S....YLq .\analyticsmanager.manifest.i....+..[...3 x...@..$"....ZN..2\X.$.H.....JfBF.VPA..@&l R6...9E..#@.6....D..-.$.Ho...L...`.S.Df..j....y....{u.g9..x...H.3._.&^..!.?..V...sX...S.{V/...j>..Nn.Y.Nv$....c.\.].X..p...p.k...J=..A1.j.` (..|...CHH.b@...........PU.A.9........I.u:.n.h h..bD.......sXK.F0.u.K..^\.....(L.Z....`.f...T;.3...b..j.......m.N.;....m......w.7.In.....o....r.^...n.Y...T.........._>.1.^{..6...)..m...h...T..f.rw^c..uEW.7w}...5I%m..k...?<n...f..6....C.?..?.oV...6.{{..7W...s......k9..I...g5..PG.....\c...m.^..P...TS?.hv.Bz.....w.|.......G.]...k....?vM.,...@.g......Xol.."...{...).t../MY(;..&.....e...q.Z.R.[w.3h=7.|_..;._g.v8k..{l...3~........uK...k;....O=>.C.;....n..Iup..?...0.&.\.r..m...........:F.n...O....1.._..t....g.5Q..{.l....A.....0...}.5.0..xz.L.]U..@..y.:...7..H.....+..n..k......}bbW..6.2..Wo......._..Gcp$.vG....oA...

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\analyticstelemetry.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 39734 bytes, 56 files, at 0x44 +A "\analyticstelemetry.manifest" +A "\context\analyticscontextconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):50430
                                                                                                                                                                          Entropy (8bit):7.941471101884989
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Hd16nLMR3pD1CrhfSYKhdrFo5h3rzmXDQ8nDx7/c9yI46JKwF2PsS2EF:HT6nIhp4rI1diL+D71zhXw7SL
                                                                                                                                                                          MD5:A15CF0E1FEA6C857CD90A27073009053
                                                                                                                                                                          SHA1:0C5735098A552EF00F0E3E406A0D8887F296C7B7
                                                                                                                                                                          SHA-256:63B731A170F3EEC34F4EEDFC1727F9C6343C0AE2F981783873C638F9A8F16EBF
                                                                                                                                                                          SHA-512:851765E13AF4444AF9DDECBF48E4D11A83B8E8494CE6795C97855A90F7F24163F6E4548C4FDE451E45FC1B17BCC54618FCC780B9263D223961E02CAB355E1D9C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF....6.......D...........8...............6....)..........T.......Z..........YWq .\analyticstelemetry.manifest.....Z......Y.l .\context\analyticscontextconfig.luc.....g......Y.l .\context\analyticswpssetting.luc.....+......Y.l .\context\analyticswsswps.luc.....G$.....Y.l .\context\browserinformation.luc......7.....Y.l .\context\browserversion.luc......;.....Y.l .\context\contexthandler.luc.....d=.....Y.l .\context\externalutilityfunction.luc.J....@.....Y.l .\context\featuretrackingfeature.luc...../^.....Y.l .\context\hashedmachineid.luc......`.....Y.l .\context\msspstatus.luc.O....g.....Y.l .\context\samrecoverable.luc.....7k.....Y.l .\context\sequencenumber.luc.....?m.....Y.l .\context\smarttoasting.luc.R....q.....Y.l .\context\subscriptionexpirydate.luc.R...]s.....Y.l .\context\subscriptionstatus.luc......w.....Y.l .\context\subscriptiontype.luc.Y....y.....Y.l .\context\suitestatus.luc....."}.....Y.l .\context\wpssubscriptionexpirydate.luc.F....~.....Y.l .\context\wpssubscriptionst

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\balloon_safe_annotation.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3166
                                                                                                                                                                          Entropy (8bit):7.890916051269147
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                          MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                          SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                          SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                          SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\browserhost.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 1302240 bytes, 8 files, at 0x44 +A "\browserhost.exe" +A "\browserhost.manifest", flags 0x4, number 1, extra bytes 20 in head, 121 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1312936
                                                                                                                                                                          Entropy (8bit):7.9996906406741735
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:YKpc0IfBMQK252fl8b2Rd6cTiIYF3wiXNuBERjpvRKxrOoCxX2htEPh3hDr:YK8jK25GKb2R6IYFAeNuqDvKCmDEp3h/
                                                                                                                                                                          MD5:F81CD9F1599139C5DE0CCD3B13285927
                                                                                                                                                                          SHA1:59E7C8CF872C2F781BB1DD8A735E5610535F4C43
                                                                                                                                                                          SHA-256:808E5DFBAF55691037A992E719F1FBF5BF5FB40F8D6440D0706F27D4E7FB9CE2
                                                                                                                                                                          SHA-512:167E42368002C5CF233D4F8A39C3E5FDF0BA952DE024E1AE4951AD2C7F0E989AC615A0A57E006E653A77F971E73C708A8EF6E26C6049BD76096D28B764C4CCD6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)..............y.....;........YLq .\browserhost.exe..-....;....YTq .\browserhost.manifest.f....)<....Y"k .\edge.com.mcafee.webadvisor.json.e....+<....Y"k .\edge.com.mcafee.webadvisor_v2.json......,<....Y"k .\webadvisor.mcafee.chrome.extension.json.L...%/<....Y"k .\webadvisor.mcafee.firefox.extension.json.....q0<....Y"k .\webadvisor_v2.mcafee.chrome.extension.json.K....3<....Y"k .\webadvisor_v2.mcafee.firefox.extension.json.6...~...[...G .C...@..4.....j..Tj}ZYjY.T.X.QE;uF...Q..#..:G..nlwgT.X3*h...5.....F..........v........\..7....Zg..........U.! @........&-s.*..-f....u....58u..j......B3.G...M.Q.R.JS.n*pI........>!..KB...................B5S4VVVE........VlP.<.H9.L.......q..X.Zc+.[.......O.(..q...j...1n.w._;._e..l../.C}op..q.........Q./...w..{.=....[....!.x`...r...on3.U....<......{....F.o.......|.....r...wy..i.\[:...g/.w.~...=V#^....<2.................}O=..../K....v.y.......`.6..a....?.5W.|.i.=......#o.w....q..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\browserplugin.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 5067323 bytes, 2 files, at 0x44 +A "\browserplugin.manifest" +A "\e10ssaffplg.xpi", flags 0x4, number 1, extra bytes 20 in head, 183 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5078019
                                                                                                                                                                          Entropy (8bit):7.999204670703307
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:rPTtx20xoUoRYyKXJT6me+cU7Zd94YoMVvtvQNUznnFu5U3z:rX+cyKXRbe/U7ZgYNV1vMULFdj
                                                                                                                                                                          MD5:AFA82B1222D9A93CE2EC0279DC025671
                                                                                                                                                                          SHA1:C9297D806D299DA095F9D1979DB9C5B54BAF237F
                                                                                                                                                                          SHA-256:FFA9CE39C49A226732E75BC8B5558FFC9DB3C12A7984FF4D99C9CE5E8BF214B6
                                                                                                                                                                          SHA-512:65B63AD867F922F1053E51420B98B46BB6C5E05FD7A7E01E52F89914E206704D28FACB8C426558290034A212E6FF4B75A68FCE2E1E7D41A97539F96360F1AB5C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....;RM.....D...........................;RM..)..................u..........YUq .\browserplugin.manifest.xU[.u......Y.p .\e10ssaffplg.xpi...A.[..[.....pj........*.D..]..qwwwwwpw.P.....\p.].....U.........6j...V..<M^$... .#,.a...OS........Z./O.@..O2..1.....i.)%M[..8p.u.`v7...&.Z.BGy.....A.."......7..$.N.6p.N..3..A...@..(..55...~?.c...l.K.c..LM......-.4..))..!...P..=...,+.....k.CG..+...i'.m+...L.* ...XgbZ^X.\.Ww..._.X\\[.i_.`..[.a.....}jn.......K8X.o....L.........1o.f._&......_.5..:....:k*....b>Z.r...?..f......sOp....L.8j...=...........f........_... .ZfZdd.X."....._...{.O[S.._.....e.[..}9*b..5.,5.......7..V}...Y...Wt(....../.Y...cm...._....5/..I..\:..v....~.6.~.../S......5......q?\..E.......4........'......U...Y.x.~.:..P..w...>..>6..,....1RZ..q.I.23...:;.....Sj]d]`Yffc._#.2......C.........}C.D.......?.n..V..Uf.k]Xn.i......E..L.....MF..}_..G......R....I...;...j.....[.E.....9.ai_q.........`..{o.c.....:........c....>LG...j.g......o.a^....E...G...R.......

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\icon_complete.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3219
                                                                                                                                                                          Entropy (8bit):7.7127647052020425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ek20QaOtG6FvySCYWm8yAxvU+LblYFv2tct:eQQaOwhS8m8yH+flLtct
                                                                                                                                                                          MD5:4A09448B224F83F4E6D36AEC9FF4DA1E
                                                                                                                                                                          SHA1:CC42250CAF610210EFF2904B1A08630A0888AB2F
                                                                                                                                                                          SHA-256:911215D1ADA8D78A33F6ED9A3740A0652BE74EFA34ED22AE569D143F9B3B5040
                                                                                                                                                                          SHA-512:390587FA96D17112CA7EC1ADFE2BA103FE39E980A35A2D4C7A3B6BCF4DE9E95B200DDCEE3C4B6C34899DE51F20F9635D41259558C77CF24279D26264DA953E2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEF9F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFAF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEF7F71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEF8F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>d.8.....IDATx..kL.W.....Z(....h5>J....T,...4U...h.I..&~...`..hc......"h.. X.....m...Q....%...........'..ta.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\icon_failed.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3390
                                                                                                                                                                          Entropy (8bit):7.74331289225542
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ek2J8fBtCIc5eJXe1TDiotN45Myx7n6v9+j0ZH:e98fB8vcJqVUtx+9+j0p
                                                                                                                                                                          MD5:AEE9C26A50511C3E4196C28662BCE665
                                                                                                                                                                          SHA1:ADF6DA6EE3EAAD88E8EF1C9C07505AEFFDE89B57
                                                                                                                                                                          SHA-256:0E2904A557F79BCE71A47BFB03E49FA9C5B54C7855017B54143EA2214501BFE6
                                                                                                                                                                          SHA-512:F90AA520FD9308C502B857C4425BF6CF6E12C401EA4B538534E58655448232CF797AA9A9BA60B0932DBAFC28EE925D22BED6740DF82BB02C5C99EF851389F783
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEFDF71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFEF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFBF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEFCF71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..*.....IDATx..klTU...v..--/5.<.J...."F.aD.HQ4..(...j.P.a...?T ..F...........5..... ..jU..Q#.V(.]g...w.g.n.$.m

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\icon_laptop.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 100 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1511
                                                                                                                                                                          Entropy (8bit):7.072392857408681
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:YQ1hepWwjx82lY2T3JbVvdgqud1oUUyJ3Vnf//XPtGiLBVa470GoqF0ynT6/at8a:YuccNn2Vw7znJ3BvPtnLW5qF0yTUa6fC
                                                                                                                                                                          MD5:4D3A0258CF71A406CB7669FBE3FBEB2E
                                                                                                                                                                          SHA1:0811273369EADF2604DB3C53426F85FE74B785E4
                                                                                                                                                                          SHA-256:C156050A5D788BAD7D8F36482072B44A23F502F23C5F9198F6EB1EB066765DEE
                                                                                                                                                                          SHA-512:837A275BC63DD19F5F8553E056C5EAF257D530A54E0EC386BB28B0A515CA58929E3464612C30D9E7034ACF7473119E03B00EBAB26B220391330FEF12BC087973
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...d...I............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:3EBDD818F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:3EBDD819F71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFFF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDF00F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..}....UIDATx..K.Q..sj-HT...X..t.Z.P.A$...v...._.-]DAkG....#.B....dr.(..@.*......-y.......<H.......{..^.\NA|h..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\installer.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3079968
                                                                                                                                                                          Entropy (8bit):6.4924663136231695
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:x4h9JG7wvcPOowb0j5LjY58nbwsMB/KLGVwazuZbQH8:49/cPOoG0j5LjYObU/SKuZi8
                                                                                                                                                                          MD5:9B6FDFBC11B51E810F01598730A002F4
                                                                                                                                                                          SHA1:E93BBC426BE5BA4D4E9A8FE6C59404C9C693223F
                                                                                                                                                                          SHA-256:C9E3EA8126273B9FA2439F674767F420630C46D68C02A9940EE97AAD05C42872
                                                                                                                                                                          SHA-512:9D6E8C635FABDF71E4E0EB694CED5348445B69F7DB0F3DE83348B441DF2B4A24282C56C5E7AC1703060C5A106C28E9F06B71AABECD62DC67EFF944B057B8DA95
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........&f.{H5.{H5.{H5..K4.{H5..M42{H5O.L4.{H5O.K4.{H5O.M4.{H5,.M4.{H5..M4.{H5..L4.{H5..I4.{H5.{H5.{H5!.L4.{H5.{I5.yH5..A4l{H5..H4.{H5...5.{H5.{.5.{H5..J4.{H5Rich.{H5........................PE..d...TYWg.........."....$............P..........@............................../......./...`.........................................0.".$...T."......@&.8h....$..c...l.. ...../.h2... .p..................... .(....h..@....................."......................text............................... ..`.rdata..............................@..@.data...4.....".......".............@....pdata...c....$..d...f#.............@..@.didat....... &.......$.............@..._RDATA..\....0&.......$.............@..@.rsrc...8h...@&..j....$.............@..@.reloc..h2..../..4...8..............@..B........................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jquery-1.9.0.min.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):93205
                                                                                                                                                                          Entropy (8bit):5.288377247760317
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdf:fY8MaW2c+UELKUqnAdiG
                                                                                                                                                                          MD5:A75A7E75DE7E95D0CF44254B591A0EAD
                                                                                                                                                                          SHA1:A495F1544144C935F83A30E025265E3314E19078
                                                                                                                                                                          SHA-256:E88147A2742CA1378EAB2E0E684C0898FE156DDDBCDBE142CBF8A8C1FE25BEB6
                                                                                                                                                                          SHA-512:4CF67506E0C6E6A0D44A9C796092C09D99D834F9A5C94352A87880099BED1CA99086EED502B9604B64753E4BA56C5F15FDD1E47B2AF6CAEF9EA1B7F02A55EE06
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-cs-CZ.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2374), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):74892
                                                                                                                                                                          Entropy (8bit):3.8109048145074778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:MtrgKi7KxT98/9UIBtIFbxb6EFNBRV25JWavzs87n37ebyUDfIjGB:hs91bzNx0JWGsiUDwI
                                                                                                                                                                          MD5:EF03E8660898846DA8DAAE5F63A6D510
                                                                                                                                                                          SHA1:3131A93875E49EBA659D56EC9264DF716FBA7196
                                                                                                                                                                          SHA-256:B2F89F5F2FDCD42E4DABC6967CAB68FCF5B0A9F2DD935F0F8D079D4014CD2430
                                                                                                                                                                          SHA-512:0D2233C2648A7CFA4E977490E0DB00FFA7AA32E2058B66376CB4D5C2EFB40D6BA4CC4D5519C3B76EDBB0AD122B08BD3721EED48C00BCA0046A5EF011F33221FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n...n... .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .s.o.f.t.w.a.r.e. .I.n.t.e.l.........D...k.u.j.e.m.e. .z.a. .v.y.u.~.i.t... .b.e.z.p.e...n.o.s.t.n...h.o. .s.o.f.t.w.a.r.u. .a. .s.l.u.~.e.b. .s.p.o.l.e...n.o.s.t.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .(.d...l.e. .j.e.n. .. S.o.f.t.w.a.r.e.. ).,. .k.t.e.r... .p.o.s.k.y.t.u.j.e. .j.e.j... .s.t.o.p.r.o.c.e.n.t.n... .v.l.a.s.t.n...n... .d.c.e.Y.i.n... .s.p.o.l.e...n.o.s.t. .M.c.A.f.e.e... .T.o.t.o. .j.e. .p.r...v.n... .u.j.e.d.n...n... .m.e.z.i. .v...m.i. .a. .n.a.a... .s.p.o.l.e...n.o.s.t..... .I.n.s.t.a.l.a.c... .n.e.b.o. .p.o.u.~.i.t...m. .S.o.f.t.w.a.r.u. .v.y.j.a.d.Y.u.j.e.t.e. .s.o.u.h.l.a.s. .s. .p.o.d.m...n.k.a.m.i. .u.j.e.d.n...n...,. .p.r.o.t.o. .s.i. .j.e. .p.e...l.i.v... .p.Y.e...t...t.e... .........T.a.t.o. .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .S.o.f.t.w.a.r.e. .I.n.t.e.l. .(.d...l.e. .j.e.n. .. S.m.l.o.u.v.a.. ). .u.p.r.a.v.u.j.e. .v.a.a.e. .p.r...v.a. .k. .p.o.u.~.i.t... .S.o.f.t.w.a.r.u.,. .j.e.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-da-DK.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2582), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):91776
                                                                                                                                                                          Entropy (8bit):3.4531006440869785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:nVNCGgfhrLJT5kmiYjC8DZ9p7WmTg5MSItM7Q1cTm/diaa8mwQUIqetIHi7M6X65:nVNCGgfhpTziY2Ol7FtD0aa8mWe9+PL
                                                                                                                                                                          MD5:E7B24B072397487B19385511F573B992
                                                                                                                                                                          SHA1:CD88B156249AAA968CCBC12BF54F5149DA2BAEBA
                                                                                                                                                                          SHA-256:E8013A95BF7632B1F129F7DAEBFF48A742EEFAE9729B2BDD9F2B0920688A4BC0
                                                                                                                                                                          SHA-512:174DCF163649A3355B36A1A8E948EC85588CD29A2B57DE60DA861195EEFAB6909134CE26445160E26088EC2CB9575480154859DE4D7DD32C53D7CD7855CAD0A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n.s.a.f.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.,. .f.o.r.d.i. .d.u. .b.r.u.g.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .s.o.f.t.w.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".S.o.f.t.w.a.r.e.n.".).,. .d.e.r. .l.e.v.e.r.e.s. .a.f. .M.c.A.f.e.e.,. .s.o.m. .e.r. .e.t. .h.e.l.e.j.e.t. .d.a.t.t.e.r.s.e.l.s.k.a.b. .a.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.f.t.a.l.e. .m.e.l.l.e.m. .o.s. .. .i.n.s.t.a.l.l.a.t.i.o.n. .e.l.l.e.r. .o.p.r.e.t.t.e.l.s.e. .a.f. .a.d.g.a.n.g. .t.i.l. .v.o.r.e.s. .S.o.f.t.w.a.r.e. .b.e.t.y.d.e.r.,. .a.t. .d.u. .a.c.c.e.p.t.e.r.e.r. .d.i.s.s.e. .v.i.l.k...r.,. .s... .d.u. .b.e.d.e.s. .l...s.e. .d.e.m. .o.m.h.y.g.g.e.l.i.g.t... .........I. .d.e.n.n.e. .l.i.c.e.n.s.a.f.t.a.l.e. .f.r.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".A.f.t.a.l.e.n.".). .g.e.n.n.e.m.g...s. .d.i.n.e. .r.e.t.t.i.g.h.e.d.e.r. .t.i.l. .a.t. .b.r.u.g.e. .S.o.f.t.w.a.r.e.n.,. .b.e.g.r...n.s.n.i.n.g.e.r. .f.o.r. .d.e.n.n.e. .b.r.u.g.,. .v.o.r.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-de-DE.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (3216), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):104206
                                                                                                                                                                          Entropy (8bit):3.4917892348426625
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:Sw8jufxOksgk9WB2s9JIEwSKjKmDwwy0U6QVMsaXSTLgaP3FGb:FahQVS
                                                                                                                                                                          MD5:2358F282F57F60EEEF57A981D52E34EF
                                                                                                                                                                          SHA1:85F899EC06E3276222EF630715E982522D15CC73
                                                                                                                                                                          SHA-256:C5E6541AB7B449EAC82BA40CBF58BE36DF771636AFB8A377927DDEF846D63A17
                                                                                                                                                                          SHA-512:5482E0D53F82EB52F837F391E1B2D8FD6C7D12CFD67A97BF2DE54EDCF849A7C760DDAE2537B122D8A4EE723349F2E0F1DABC08441A9D38A60F8B5704A760D770
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g.........V.i.e.l.e.n. .D.a.n.k.,. .d.a.s.s. .S.i.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .S.o.f.t.w.a.r.e. .u.n.d. .D.i.e.n.s.t.e. .(.. S.o.f.t.w.a.r.e.. ). .n.u.t.z.e.n.,. .d.i.e. .v.o.n. .M.c.A.f.e.e.,. .e.i.n.e.r. .h.u.n.d.e.r.t.p.r.o.z.e.n.t.i.g.e.n. .T.o.c.h.t.e.r.g.e.s.e.l.l.s.c.h.a.f.t. .v.o.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.,. .b.e.r.e.i.t.g.e.s.t.e.l.l.t. .w.e.r.d.e.n... .D.i.e.s. .i.s.t. .e.i.n. .r.e.c.h.t.s.k.r...f.t.i.g.e.r. .V.e.r.t.r.a.g. .z.w.i.s.c.h.e.n. .u.n.s.. m.i.t. .d.e.r. .I.n.s.t.a.l.l.a.t.i.o.n. .o.d.e.r. .d.e.m. .Z.u.g.r.i.f.f. .a.u.f. .u.n.s.e.r.e. .S.o.f.t.w.a.r.e. .s.t.i.m.m.e.n. .S.i.e. .d.i.e.s.e.n. .B.e.d.i.n.g.u.n.g.e.n. .z.u... .L.e.s.e.n. .S.i.e. .s.i.e. .d.e.s.h.a.l.b. .b.i.t.t.e. .a.u.f.m.e.r.k.s.a.m. .d.u.r.c.h... .........D.i.e.s.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g. .(.. V.e.r.t.r.a.g.. ). .u.m.f.a.s.s.t. .I.h.r.e. .R.e.c.h.t.e. .z.u.r. .N.u.t.z.u.n.g. .d.e.r. .S.o.f.t.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-el-GR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2776), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):103714
                                                                                                                                                                          Entropy (8bit):4.054402888023057
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:7NPKnckk7Va7/ZYluLyBO/mw5rMpNVjX7MYeFz8cX:lKB5rMdX4/H
                                                                                                                                                                          MD5:07550B71611D249AD061DC876AB53C6C
                                                                                                                                                                          SHA1:D2C9A88A2830DA9103D20392DFFD2A637586B276
                                                                                                                                                                          SHA-256:F922665E3947D8555D96607A1CAF20A1C3CA650C4A42F518EA9765502FF01062
                                                                                                                                                                          SHA-512:BAAF338E1FE444B38EBB015802D40D3402E541C2C42202A534C59034187A0D7B5C681FB135B732B596CD8679B7900CEDD47882EE2CA605EA76CC5415F7DEDE26
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................ ............. ............. ..................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y............... ......................... ....... ............................. ................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. ................... ).,. ....... ............... ... .M.c.A.f.e.e.,. ....... ....................... ..................... ................... ....... .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ... ............... ................. ....... ............. ................. ............... ..... ......... ....... .......... .. ....................... ... ..................... ....... ..................... ....... ....................... ....... ..................... ..... ......... ................. ...........,. ................. ....... ....................... ..... ......... ................... ....................... ........... ............... ............... ............. ............. .....................

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2456), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):85990
                                                                                                                                                                          Entropy (8bit):3.453112144507336
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:/F7Fw4sT8hXmsqSrobeIT6f9BMaR4EYtI7F56:aoK
                                                                                                                                                                          MD5:01BD6FB66DC6D58D2B1722D83FE26440
                                                                                                                                                                          SHA1:B2766FF537D2883630EE3FB148E6A159EFB8383E
                                                                                                                                                                          SHA-256:9A97854186CD17584C9649FEC8B77C2BB059B5ADA7AF9D128092E6EC30A377E5
                                                                                                                                                                          SHA-512:578E5267FFC67F81D8B0782071033C9622CF9D8199B9118FA1CE80CB8D3F0AC101D0D81AF8B0A0B64ADB9A0FB69C7EC237632F0C02200D8655F9C071ADA6129A
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t.........T.h.a.n.k. .y.o.u. .f.o.r. .u.s.i.n.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.o.f.t.w.a.r.e. .a.n.d. .s.e.r.v.i.c.e.s. .(.. S.o.f.t.w.a.r.e.. ).,. .p.r.o.v.i.d.e.d. .b.y. .M.c.A.f.e.e.,. .a. .w.h.o.l.l.y. .o.w.n.e.d. .s.u.b.s.i.d.i.a.r.y. .o.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.h.i.s. .i.s. .a. .l.e.g.a.l. .a.g.r.e.e.m.e.n.t. .b.e.t.w.e.e.n. .u.s.. i.n.s.t.a.l.l.i.n.g. .o.r. .a.c.c.e.s.s.i.n.g. .o.u.r. .S.o.f.t.w.a.r.e. .m.e.a.n.s. .y.o.u. .a.r.e. .a.g.r.e.e.i.n.g. .t.o. .t.h.e.s.e. .t.e.r.m.s.,. .s.o. .p.l.e.a.s.e. .r.e.a.d. .t.h.e.m. .c.a.r.e.f.u.l.l.y... .........T.h.i.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t. .(.. A.g.r.e.e.m.e.n.t.. ). .c.o.v.e.r.s. .y.o.u.r. .r.i.g.h.t.s. .t.o. .u.s.e. .t.h.e. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.c.t.i.o.n.s. .o.n. .t.h.a.t. .u.s.e.,. .o.u.r. .r.i.g.h.t. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .r.e.n.e.w. .a.n.d. .c.h.a.r.g.e. .y.o.u. .f.o.r. .p.a.i.d. .v.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-ES.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):100834
                                                                                                                                                                          Entropy (8bit):3.4283040020854774
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQm:Jg/5R9WPzzC3cix5kzYdZ+vQNQOW
                                                                                                                                                                          MD5:EE9BC03D94335360BE94CFE2ED38F2E7
                                                                                                                                                                          SHA1:D79ADFD3CBF5FB2BAA048DCD577FB82B02759F7C
                                                                                                                                                                          SHA-256:2B6CBEA00317FDFF876880A2EB2590A06D79A9EBA05B72A08F7AF674C3441AE0
                                                                                                                                                                          SHA-512:CC65C061A107DF5A19FE3077A31417A75DD6798A17D30CC4CE08DF1724D849538BC8589FF6D561368BEB1B70060AD344DE37D0C4ABC5471CC3BEA1A14D847007
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-MX.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):100834
                                                                                                                                                                          Entropy (8bit):3.428277035149879
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQH:Jg/5R9WPzzC3cix5kzYdZ+vQNQO3
                                                                                                                                                                          MD5:C3BF812E539D6533C1835F2750E2576E
                                                                                                                                                                          SHA1:DA5D515CAD63E95762BAFFF2610D9E9C80D35EB9
                                                                                                                                                                          SHA-256:F181CA55AF444B171A8360B33A3521AB9118B9F36F944BF687D43EE0563C0C9C
                                                                                                                                                                          SHA-512:26F23774F7D665AEB550C5BFE5FA012FE08CCE2ECD7A6EA246F8A2233FAA7329A1D52F50CD1171089B473BCB49B96858B8CAA90C6E882FB8FB4BA3682BD25747
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-fi-FI.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2621), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):90558
                                                                                                                                                                          Entropy (8bit):3.4500679413514117
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:HE2oXLv8VtIG4O4mPf5lC66AlB1Fd+NlLVlbH2ZuWUh/U:Hl4gtI24cf5c6J7l8vWUhc
                                                                                                                                                                          MD5:678A39502230D029CC22AB42787EC4EF
                                                                                                                                                                          SHA1:7314F42A6412DF9ADC98261EBF674C417A9E2437
                                                                                                                                                                          SHA-256:73CCA4EF648544FAF7B4E20B7F54D7D4B2761674D61ADE0CB0943CB98BC22897
                                                                                                                                                                          SHA-512:B00BF94EBFA427A2B669F18F963640E9C6442137BC7647F0EBE75A1D00E2D8D0696A10A49A238962014F17E26E6946861EFB5BD4931D5D6157AEB29EFB4C9C9D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s.........K.i.i.t.o.s.,. .e.t.t... .v.a.l.i.t.s.i.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .o.h.j.e.l.m.i.s.t.o.n. .j.a. .p.a.l.v.e.l.u.t. .(.. o.h.j.e.l.m.i.s.t.o.. ).,. .j.o.t.k.a. .t.a.r.j.o.a.a. .M.c.A.f.e.e.,. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.i.n. .k.o.k.o.n.a.a.n. .o.m.i.s.t.a.m.a. .t.y.t...r.y.h.t.i..... .T...m... .o.n. .l.a.i.l.l.i.n.e.n. .s.o.p.i.m.u.s. .m.e.i.d...n. .j.a. .k...y.t.t...j...n. .v...l.i.l.l..... .A.s.e.n.t.a.m.a.l.l.a. .t.a.i. .k...y.t.t...m...l.l... .o.h.j.e.l.m.i.s.t.o.a.m.m.e. .s.i.t.o.u.d.u.t. .n...i.h.i.n. .e.h.t.o.i.h.i.n.,. .j.o.t.e.n. .o.n. .t...r.k.e.....,. .e.t.t... .l.u.e.t. .n.e. .h.u.o.l.e.l.l.i.s.e.s.t.i... .........T...m... .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s. .(.. s.o.p.i.m.u.s.. ). .p.i.t..... .s.i.s...l.l.....n. .k...y.t.t...j...n. .o.i.k.e.u.d.e.t. .o.h.j.e.l.m.i.s.t.o.n. .k...y.t.t.....n.,. .t...t... .k...y.t.t..... .k.o.s.k.e.v.a.t. .r.a.j.o.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-CA.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):100074
                                                                                                                                                                          Entropy (8bit):3.4570958714075197
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9Neu:YwrsE2KdYmfwqjlK2BZVqCChcw0c
                                                                                                                                                                          MD5:11FB5D919E8D4CA8E251B8316C0D9FDD
                                                                                                                                                                          SHA1:844E3895654A12291557A08C0B8EDDEB931CA55B
                                                                                                                                                                          SHA-256:9D13797690BB4B88C62A53CB602249BEBCF6604931241EC7481CB4B132863B11
                                                                                                                                                                          SHA-512:2BC3C24A5F696589A075AB3BA64E823056EA53E1773B1183B4FCF06E5E17A21ED3C521639C29FE8E4F5CA1FD51F8FE496A22A1B84DC7DF34FEF63D6E6825F16A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-FR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):100074
                                                                                                                                                                          Entropy (8bit):3.4566889314561657
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9Nec:YwrsE2KdYmfwqjlK2BZVqCChcw0a
                                                                                                                                                                          MD5:32C0E5CC752C2F76FF6AA79B9D7E4F58
                                                                                                                                                                          SHA1:A4C7E48D029A4951B43D2948B20A8B12FFCF619F
                                                                                                                                                                          SHA-256:B003840DF4B91DD867552137E01BE0BD601EAAFB74E9974F83144FDC9EE9BF0C
                                                                                                                                                                          SHA-512:B1F61FF518D1A972574E9FD2AC763BF82BEB985AACA7661164AFCB28AF75709F539A837A8A7347F677FCEBC034EB96498E7F1A121967A8D5A0F807683618A2C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-hr-HR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2677), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):87744
                                                                                                                                                                          Entropy (8bit):3.5874191528402934
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:4D5AY14mQom+cQuoy8H5Zo3ij63ydrXxYM+gDUC5lBvt4UgmsiyePIOA:3jelDB1vm
                                                                                                                                                                          MD5:5CC370E61A37DF91B7D6C966805A5926
                                                                                                                                                                          SHA1:8CE489F5074986D14A1735B7D276265A61BAAAF2
                                                                                                                                                                          SHA-256:82C092D77335642F2968FA74C0F50079EC2A2A81A3E3A8A0636C1219DCC10FD7
                                                                                                                                                                          SHA-512:4CDB0FF15716FF82843CC0AC6F3DC2F07C16EEBC62E1377F6F951211F0984A98322F8F71824F6C859C1D4D779A11D947A2784454B8D12CF7EC2297E5415CBDBB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.v.e.r.".).,. .k.o.j.i. .i.s.p.o.r.u...u.j.e. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .t.v.r.t.k.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s.. i.n.s.t.a.l.i.r.a.n.j.e. .i.l.i. .p.r.i.s.t.u.p. .n.a.a.e.m. .S.o.f.t.v.e.r.u. .z.n.a...i. .d.a. .s.e. .s.l.a.~.e.t.e. .s. .n.j.e.g.o.v.i.m. .u.v.j.e.t.i.m.a.,. .p.a. .v.a.s. .m.o.l.i.m.o. .d.a. .i.h. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.t.e... .........O.v.a.j. .L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".U.g.o.v.o.r.".). .o.b.u.h.v.a...a. .v.a.a.e. .p.r.a.v.o. .n.a. .k.o.r.i.a.t.e.n.j.e. .S.o.f.t.v.e.r.a.,. .o.g.r.a.n.i...e.n.j.a. .u. .n.j.e.g.o.v.o.m. .k.o.r.i.a.t.e.n.j.u.,. .n.a.a.e. .p.r.a.v.o. .n.a. .a.u.t.o.m.a.t.s.k.o. .o.b.n.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-hu-HU.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2782), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):98690
                                                                                                                                                                          Entropy (8bit):3.685619337213005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:3+Y5qMxXdv62/0ojFC0hQY+eUbM5wbg6u+sWOvm1SeWN3CBw4bZKMoBwAbCxpI1t:zsGDmMeI
                                                                                                                                                                          MD5:747D979803169F76FFB0694E906515EC
                                                                                                                                                                          SHA1:88615D66D8601DBB4F647BBEF9F33BC09F139CB8
                                                                                                                                                                          SHA-256:4DD8DEEA7EF8DB214D5C9E8A524EE0FD1BEF58937623945BB17DE69CD8C4125A
                                                                                                                                                                          SHA-512:3F33985624C3FF4989A9C37350EFFD4E07CF70195F4F462E4359EF3215DECFE1DF0772ECE2201EA620BE3B5CA1650F87D2F10CA08BA9926F799BDC77324DB3BE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s.........K...s.z...n.j...k.,. .h.o.g.y. .a.z. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .t.e.l.j.e.s. .t.u.l.a.j.d.o.n... .l.e...n.y.v...l.l.a.l.a.t.a.,. .a. .M.c.A.f.e.e. ...l.t.a.l. .k...n...l.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.z.o.f.t.v.e.r.t. ...s. .s.z.o.l.g...l.t.a.t...s.o.k.a.t. .(.. S.z.o.f.t.v.e.r.. ). .h.a.s.z.n...l.j.a... .E.z. .a. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .e.g.y. .k...z...t.t...n.k. .l...t.r.e.j...t.t. .j.o.g.i. .m.e.g...l.l.a.p.o.d...s. .. .a. .S.z.o.f.t.v.e.r...n.k. .t.e.l.e.p...t...s.e. .v.a.g.y. .a. .S.z.o.f.t.v.e.r...n.k.h...z. .v.a.l... .h.o.z.z...f...r...s. .a.z.t. .j.e.l.e.n.t.i.,. .h.o.g.y. ...n. .e.g.y.e.t...r.t. .a. .s.z.e.r.z.Q.d...s.b.e.n. .f.o.g.l.a.l.t. .f.e.l.t...t.e.l.e.k.k.e.l.,. .e.z...r.t. .o.l.v.a.s.s.a. .e.l. .f.i.g.y.e.l.m.e.s.e.n. .a.z.o.k.a.t... .........A.z. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .(.. S.z.e.r.z.Q.d...s.. ). .a. .S.z.o.f.t.v.e.r. .h.a.s.z.n...l.a.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-it-IT.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2974), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):103642
                                                                                                                                                                          Entropy (8bit):3.410756917907654
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:D+piF3I9T9qL1rEINLBC7LcfZJJSMqHDYCebssNKlU8rmjVHJkItVdM1OrzjW:6/c16yjdM1OS
                                                                                                                                                                          MD5:D9AFC6FA5E620BA21FC7AAE5EEA075A1
                                                                                                                                                                          SHA1:722FAFD586D555E67868847BE2D590728211F968
                                                                                                                                                                          SHA-256:D87E62812B503E53398140F0FA7F334647D1F44AE8A7BA8F070FC783F1BA9730
                                                                                                                                                                          SHA-512:4537A9755CB3B960EECA97E7E3DD415E206628E1426563F982EE7FF957B1784F4FFEA825635447F43F6043E1FADD7B8643F3FB7ADBB7B95B80E86D35986866D4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..C.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.z.i.e. .p.e.r. .a.v.e.r. .s.c.e.l.t.o. .d.i. .u.t.i.l.i.z.z.a.r.e. .i. .s.o.f.t.w.a.r.e. .e. .i. .s.e.r.v.i.z.i. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".). .f.o.r.n.i.t.i. .d.a. .M.c.A.f.e.e.,. .c.o.n.s.o.c.i.a.t.a. .i.n.t.e.r.a.m.e.n.t.e. .c.o.n.t.r.o.l.l.a.t.a. .d.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .I.l. .p.r.e.s.e.n.t.e. .d.o.c.u.m.e.n.t.o. .c.o.s.t.i.t.u.i.s.c.e. .u.n. .c.o.n.t.r.a.t.t.o. .l.e.g.a.l.e. .t.r.a. .n.o.i. .e. .l.'.u.t.e.n.t.e... .L.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .o. .l.'.a.c.c.e.s.s.o. .a.i. .n.o.s.t.r.i. .S.o.f.t.w.a.r.e. .i.m.p.l.i.c.a. .l.'.a.c.c.e.t.t.a.z.i.o.n.e. .d.i. .q.u.e.s.t.i. .t.e.r.m.i.n.i. .d.a. .p.a.r.t.e. .d.e.l.l.'.u.t.e.n.t.e.,. .c.h.e. .p.e.r.t.a.n.t.o. ... .t.e.n.u.t.o. .a. .l.e.g.g.e.r.l.i. .c.o.n. .a.t.t.e.n.z.i.o.n.e... .........I.l. .p.r.e.s.e.n.t.e. .c.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.t.o.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-ja-JP.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (1234), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41412
                                                                                                                                                                          Entropy (8bit):5.772085659974916
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:8bY257pwJE0xJUhghf/3Gkojyef4ktbfR/KSCDpKIb5MhON:8E257OJE0ighfSyKtbfxapV
                                                                                                                                                                          MD5:98E639EF30DAC59ECA90EEB00D0E43E6
                                                                                                                                                                          SHA1:31AC8D540EA3A0202797CB3B3B370128B4D17D81
                                                                                                                                                                          SHA-256:CC3A2E0426012943EB51B2A2568F06F0273F0CE5403ACA4A906278186126E5A9
                                                                                                                                                                          SHA-512:29201C2D4A8E465BB045FF8F415BC43834B4E6D55C3A561B2039580291B21472F54A092E551F8A2DA2B7EBF7EA65CDED46993BF287B6D89E1BE0CEB801E61E51
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .n0hQM..Q.P[.O>yg0B0.0 .M.c.A.f.e.e.L0.c.OY0.0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..0.0.0.0.0.0J0.0s0.0.0.0.0...0.0.0.0.0.0.0.0...0)R(uD0_0`0M0B0.0L0h0F0T0V0D0~0Y0.0 .,gQY.}o0J0.[.ih0S_>yh0n0..k0.}P}U0.0.0.l.vj0QY.}g0Y0.0J0.[.io0.0S_>yn0.0.0.0.0.0.0.0.0.0.0.0.0.0~0_0o0]0.0k0.0.0.0.0Y0.0S0h0k0.0.0.0,gQY.}n0ag.Nk0.T.aW0_0h0.0j0U0.0~0Y0n0g0.0,gQY.}.0.0O0J0...0O0`0U0D0.0 .........S0n0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}.f...0,gQY.}.0..o0.0J0.[.in0.0.0.0.0.0.0.O(u)j.0.O(u6RP..0.0.0.0.0.0.0n0.g.Q.0.0.0.0.0~0_0o0_j...0..R.vk0.f.eJ0.0s0...Y0.0S_>yn0)j)R.0J0.0s0S_>yh0J0.[.in0..k0zv.uY0.0.S..'`n0B0.0.}.Nn0.N..k0.[Y0.0J0.[.in0.T.ak0d0D0f0....W0f0D0~0Y0.0 ....j0.0,gQY.}h0h0.0k0J0.[.ik0i.(uU0.0.0.0S_>yn0.0.0.0.0.0.0k0..Y0.0.X.f..h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.j.a.p.a.n.e.s.e./.i.n.d.e.x...h.t.m....0+T.0...Rag.Nx0n0.0.0.0L0+T~0.0f0D0~0Y0.0 ..T.Vyr.gn0ag.No0,gQY.}

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-ko-KR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (1439), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):46328
                                                                                                                                                                          Entropy (8bit):5.58543674296238
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:iLBTRAz/+e7qDm/7QgTt2Bk6baOLFureI5mIxFRlKi3lu:iLnAz/+e+DmzQgZ2BdblJsSi3lu
                                                                                                                                                                          MD5:F890FFDF8BBEB7A877F1DA8978AFC5CB
                                                                                                                                                                          SHA1:1920F72796976EB486C3AB9B2BBA34530DE4CC84
                                                                                                                                                                          SHA-256:6522E4325DBA7429F941B435FDC5F79281582D4F04BF13C3708ECA24385A7F96
                                                                                                                                                                          SHA-512:50EA45A40A907FE41FF0F15AB1A36311053C76703E0AB07407FB6554954F2A7F96363E8FB46DBD6E401D9F6B7D03175016243C0C0D54BA86A241844EB8289FE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.X. ...a. .... .....x. .M.c.A.f.e.e..... .....X.. .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......... ... ...D...(.t.X. .. ......... ).|. .....t. ...T... .....i..... .t..@. .....@. ...... ...t.X. ..... ..}...... .....X. .........|. .$.X.X.p... .a.8...X.. ...@. .t. ..}. .}..... ..X.X.. ...t...\.,. .}...D. ...X. .J... .}.<...0. ......... .........t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.(.t.X. .. .}.. ).@. ......... ..... .....,. ......... .....X. ...\. .p.t.,. .........X. . .. .....t.. .0..... ...t. ....<.\. ..}.D. .1...X.. ......... ...a.D. ...l.`. ... .... .....X. .....,. ...... .....@. ...... ...t... .....`. ... .... .....X. ...... ...\. ...X.X. ..X. .....D. ........ .t. .8...... ...X.... ........ .t. ..... ..}.D. .l.1.X.. .\. .....x. ....\. ..... ..}. .}...(...:. ...x.......8. .H..8.,. .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-nb-NO.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2743), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):84476
                                                                                                                                                                          Entropy (8bit):3.446843354798183
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKQ/s+p6jdIuRMPNGZJq7ALa/jcuqqRp5QV:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKL
                                                                                                                                                                          MD5:0FC2D0F93151C10CE5332B318B34749B
                                                                                                                                                                          SHA1:0CE5DA03AC3F9833A04C528510AA7E93308E9832
                                                                                                                                                                          SHA-256:84BA9DE6406BE526CA526BAF01EC1A4704AD65333AA15873418455CAC7DB77D7
                                                                                                                                                                          SHA-512:88F023C2A1DE1647BB64D48EDD5E57C245A183701B750BF6868EA844F1B26EB93877F66A07F798049D3A67C02B5223ABD6C2B853980F58542E744C7D4C910D80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.s.e.n.s.a.v.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.k. .f.o.r. .a.t. .d.u. .b.r.u.k.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .p.r.o.g.r.a.m.v.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".p.r.o.g.r.a.m.m.e.t.).,. .l.e.v.e.r.t. .a.v. .M.c.A.f.e.e.,. .e.t. .h.e.l.e.i.d. .d.a.t.t.e.r.s.e.l.s.k.a.p. .a.v. .I.n.t.e.r. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.v.t.a.l.e. .m.e.l.l.o.m. .o.s.s. .. .i.n.s.t.a.l.l.a.s.j.o.n. .e.l.l.e.r. .b.r.u.k. .a.v. .v...r. .p.r.o.g.r.a.m.v.a.r.e. .b.e.t.y.r. .a.t. .d.u. .g.o.d.t.a.r. .d.i.s.s.e. .v.i.l.k...r.e.n.e.,. .s... .l.e.s. .d.e.m. .n...y.e... .........D.e.n.n.e. .l.i.s.e.n.s.a.v.t.a.l.e.n. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".a.v.t.a.l.e.n.".). .d.e.k.k.e.r. .d.i.n. .r.e.t.t. .t.i.l. ... .b.e.n.y.t.t.e. .p.r.o.g.r.a.m.v.a.r.e.n.,. .b.e.g.r.e.n.s.n.i.n.g.e.r. .p... .d.e.n.n.e. .b.r.u.k.e.n.,. .v...r. .r.e.t.t. .t.i.l. .a.u.t.o.m.a.t.i.s.k. .f.o.r.n.y.e.l.s.e. .o.g. .t.a. .b.e.t.a.l.t. .f.o.r. .b.e.t.a.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-nl-NL.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2801), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):100578
                                                                                                                                                                          Entropy (8bit):3.442006366072733
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:OQ/9KbnOOfNlk/R5OVUR5Oh/RKe/HEUnOZVOsf6jzytJpjIzGeQRV22n3sT58jQM:B
                                                                                                                                                                          MD5:8F101B5AF8CB0A1F5783173B125DCD47
                                                                                                                                                                          SHA1:6CD517E2565B326CCBD900C67D668EA2D2D899A4
                                                                                                                                                                          SHA-256:CB5A555248A9C01D9C9967790CDD7F616D147E1C1E7B737F13641F5E2842AE1B
                                                                                                                                                                          SHA-512:D08432ACB958D5CC878819C00DEFF27E02EEE3A48F544DC7A097AD98D64C11DB3AB2C79831D546900EF9BAF4B121722330D1AA31AE8A2D9887B399BCE0425CBD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.a.n.k. .u. .v.o.o.r. .h.e.t. .g.e.b.r.u.i.k. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.-.s.o.f.t.w.a.r.e. .e.n. .-.d.i.e.n.s.t.e.n. .(.'.S.o.f.t.w.a.r.e.'.).,. .a.a.n.g.e.b.o.d.e.n. .d.o.o.r. .M.c.A.f.e.e.,. .e.e.n. .v.o.l.l.e.d.i.g.e. .d.o.c.h.t.e.r.o.n.d.e.r.n.e.m.i.n.g. .v.a.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.i.t. .i.s. .e.e.n. .j.u.r.i.d.i.s.c.h.e. .o.v.e.r.e.e.n.k.o.m.s.t. .t.u.s.s.e.n. .o.n.s... .D.o.o.r. .o.n.z.e. .S.o.f.t.w.a.r.e. .t.e. .i.n.s.t.a.l.l.e.r.e.n. .e.n. .t.e. .o.p.e.n.e.n.,. .g.e.e.f.t. .u. .a.a.n. .d.a.t. .u. .a.k.k.o.o.r.d. .g.a.a.t. .m.e.t. .d.e.z.e. .v.o.o.r.w.a.a.r.d.e.n... .L.e.e.s. .z.e. .d.u.s. .z.o.r.g.v.u.l.d.i.g... .........D.e.z.e. .L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.'.O.v.e.r.e.e.n.k.o.m.s.t.'.). .b.e.s.c.h.r.i.j.f.t. .u.w. .r.e.c.h.t.e.n. .o.m. .d.e. .S.o.f.t.w.a.r.e. .t.e. .g.e.b.r.u.i.k.e.n.,. .d.e. .b.e.p.e.r.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-pl-PL.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2967), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):101850
                                                                                                                                                                          Entropy (8bit):3.7337427670871493
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:dnEmLzXswPaPfzO8liJQIKQ42HzLMH7scwS3/80GIrKQ+Qp:ayXeV
                                                                                                                                                                          MD5:DD278C4F855195B67D66D697BDB8F909
                                                                                                                                                                          SHA1:F00413B9D2D51C36524011D43AFC93B4813AB4F5
                                                                                                                                                                          SHA-256:07420FBC165BB9E0D85C9B4634185DB361A6AEA7A2921A204A453F9446A24ACF
                                                                                                                                                                          SHA-512:01959DB09243CD80FA821E9808BE2386B63FA09DE7E8416CD4B2C8558CD3511309E1CAF7AC3D9ECD6550A66E5BC5DE9BFA990B12055F2E9885095C2F8F0743B8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..U.m.o.w.a. .l.i.c.e.n.c.y.j.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.z.i...k.u.j.e.m.y. .z.a. .k.o.r.z.y.s.t.a.n.i.e. .z. .o.p.r.o.g.r.a.m.o.w.a.n.i.a. .i. .u.s.B.u.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.z.w.a.n.y.c.h. .d.a.l.e.j. .. O.p.r.o.g.r.a.m.o.w.a.n.i.e.m.. ). .o.f.e.r.o.w.a.n.y.c.h. .p.r.z.e.z. .M.c.A.f.e.e.,. .s.p...B.k... .z.a.l.e.|.n...,. .k.t...r.e.j. .w.y.B...c.z.n.y.m. .w.B.a.[.c.i.c.i.e.l.e.m. .j.e.s.t. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N.i.n.i.e.j.s.z.y. .d.o.k.u.m.e.n.t. .s.t.a.n.o.w.i. .u.m.o.w... .p.r.a.w.n... .m.i...d.z.y. .n.a.m.i. .a. .U.|.y.t.k.o.w.n.i.k.i.e.m. .. .z.a.i.n.s.t.a.l.o.w.a.n.i.e. .n.a.s.z.e.g.o. .O.p.r.o.g.r.a.m.o.w.a.n.i.a. .l.u.b. .u.z.y.s.k.a.n.i.e. .d.o. .n.i.e.g.o. .d.o.s.t...p.u. .j.e.s.t. .r...w.n.o.z.n.a.c.z.n.e. .z. .z.a.a.k.c.e.p.t.o.w.a.n.i.e.m. .n.i.n.i.e.j.s.z.y.c.h. .w.a.r.u.n.k...w.,. .w. .z.w.i...z.k.u. .z. .c.z.y.m. .p.r.o.s.i.m.y. .o. .u.w.a.|.n.e. .z.a.p.o.z.n.a.n.i.e. .s.i... .z. .t.r.e.[.c.i... .d.o.k.u.m.e.n.t.u... ...

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-BR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2603), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):91306
                                                                                                                                                                          Entropy (8bit):3.4652957363909573
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:f8Wc1lp2b6cXQJ6rHcTCGXPF3zzhTOJpy0WlLyd5S+tKIbTw3ZurbNlar+wHmCY8:f7HceS+3bTrb/R6mdyZ
                                                                                                                                                                          MD5:53E6AB1DBC04F90855A804EB0FDE8BD6
                                                                                                                                                                          SHA1:670903185FE8323A590E521B37CF053FB493DD2D
                                                                                                                                                                          SHA-256:DF12D8D8C608B9C97637F8B40D34AAE67B828A6647DC96D866921EA2A8FEE557
                                                                                                                                                                          SHA-512:3917E69341F37DA4F56772CC0CB1B9B0A5507B3A147036081CD474887442DEFE25AB2972C1E21142F16EADFB29D0F9F72053EF532CC54410ED6552F1E4DA5F7C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........A.g.r.a.d.e.c.e.m.o.s. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".).,. .f.o.r.n.e.c.i.d.o. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .i.n.t.e.g.r.a.l. .d.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. ... .u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .n...s.:. .a.o. .i.n.s.t.a.l.a.r. .o.u. .a.c.e.s.s.a.r. .n.o.s.s.o. .S.o.f.t.w.a.r.e.,. .s.i.g.n.i.f.i.c.a. .a. .s.u.a. .c.o.n.c.o.r.d...n.c.i.a. .c.o.m. .e.s.t.e.s. .t.e.r.m.o.s.,. .d.e. .f.o.r.m.a. .q.u.e. .v.o.c... .d.e.v.e. .l...-.l.o.s. .c.o.m. .a. .m...x.i.m.a. .a.t.e.n.....o... .........E.s.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.o.".). .c.o.b.r.e. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.....e.s. .a. .e.s.s.e. .u.s.o.,. .o. .

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-PT.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2536), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):96486
                                                                                                                                                                          Entropy (8bit):3.474385310343869
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:GfDawY1TqufUqhbQGb0jiATGoeQmiBKTVIsFdf:2DetR
                                                                                                                                                                          MD5:95C81C2F7BE9EC7FB3AFBFDFF70D14B3
                                                                                                                                                                          SHA1:A50B146F43C5E0F716B0E40D5F21BBDCD70C4E27
                                                                                                                                                                          SHA-256:9E74B00324D9A91001B43D72EC2BD8C8D3310200B201A8155FABF20CA91BCF7C
                                                                                                                                                                          SHA-512:42E9DC893BEB007184B0BAC34108AD7D8EA04CE155093195CB56FF6CF52FE9364109ABBD2A9FF820CCE673FE73F86B577499C89B798AC889CD4CE76B1FB45A2E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........O.b.r.i.g.a.d.o. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ). .f.o.r.n.e.c.i.d.o.s. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .t.o.t.a.l.m.e.n.t.e. .d.e.t.i.d.a. .p.e.l.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .d.o.c.u.m.e.n.t.o. .c.o.n.s.i.s.t.e. .n.u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .a.m.b.a.s. .a.s. .p.a.r.t.e.s.. a.o. .i.n.s.t.a.l.a.r. .o.u. .a.o. .a.c.e.d.e.r. .a.o. .n.o.s.s.o. .S.o.f.t.w.a.r.e. .e.s.t... .a. .c.o.n.c.o.r.d.a.r. .c.o.m. .o.s. .p.r.e.s.e.n.t.e.s. .t.e.r.m.o.s.,. .p.o.r. .i.s.s.o.,. .l.e.i.a.-.o.s. .a.t.e.n.t.a.m.e.n.t.e... .........O. .p.r.e.s.e.n.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. C.o.n.t.r.a.t.o.. ). .i.n.c.l.u.i. .o.s. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-ru-RU.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2934), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):105274
                                                                                                                                                                          Entropy (8bit):3.9253511414203475
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Zrlkl/OV57V/gTNKukdeCNCaM2sJCX7Zh7Ft7yvFsknxFFNZ6AJTaFkke2bnMBqV:JfRpOEZhc8LSQ0PnmEw
                                                                                                                                                                          MD5:6C84B834B887139049C5504670366472
                                                                                                                                                                          SHA1:25BBF94DFD8C58DB8B5BF7B4FECDB71C9FBC5FDF
                                                                                                                                                                          SHA-256:AA6A72816341C265F4A0EA77349E16AB8BDCADCD94DEAFA2D3DE6B36EB0B7CD9
                                                                                                                                                                          SHA-512:224CD295FCA574AFAA21233BE5488F35C8F509D608E0A3F87B9A8E1B62F740CDCC248855102D1F04E51136E1C6A227466DA2DC7064CFF7C0DD8065F639F24C53
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:....8.F.5.=.7.8.>.=.=.>.5. .A.>.3.;.0.H.5.=.8.5. .4.;.O. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........;.0.3.>.4.0.@.8.<. ...0.A. .7.0. .8.A.?.>.;.L.7.>.2.0.=.8.5. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .8. .A.;.C.6.1. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(."...@.>.3.@.0.<.<.=.>.5. .>.1.5.A.?.5.G.5.=.8.5.".).,. .?.@.5.4.>.A.B.0.2.;.O.5.<.K.E. .:.>.<.?.0.=.8.5.9. .M.c.A.f.e.e. .. .4.>.G.5.@.=.5.9. .:.>.<.?.0.=.8.5.9.,. .=.0.E.>.4.O.I.5.9.A.O. .2. .?.>.;.=.>.9. .A.>.1.A.B.2.5.=.=.>.A.B.8. .:.>.@.?.>.@.0.F.8.8. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ...0.=.=.K.9. .4.>.:.C.<.5.=.B. .?.@.5.4.A.B.0.2.;.O.5.B. .N.@.8.4.8.G.5.A.:.>.5. .A.>.3.;.0.H.5.=.8.5. .<.5.6.4.C. .=.0.<.8... .#.A.B.0.=.>.2.:.0. .8.;.8. .4.>.A.B.C.?. .:. .=.0.H.5.<.C. ...@.>.3.@.0.<.<.=.>.<.C. .>.1.5.A.?.5.G.5.=.8.N. .>.1.>.7.=.0.G.0.N.B. ...0.H.5. .A.>.3.;.0.A.8.5. .A. .C.A.;.>.2.8.O.<.8. .M.B.>.3.>. .A.>.3.;.0.H.5.=.8.O.,. .?.>.M.B.>.<.C. .2.=.8.<.0.B.5.;.L.=.>. .>.7.=.0.:.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-sk-SK.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2701), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89572
                                                                                                                                                                          Entropy (8bit):3.733984219681676
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:plH9miYwq9hpeKK283X97rpcvXctx1qDQDupSMeylm5Wq0FGQueLS9FpSzvFgxS6:pPfqU7AcD1/DmDqOrS9FpkXvaGOtdx
                                                                                                                                                                          MD5:D70C08567DD28293CF26FC845C86A8DE
                                                                                                                                                                          SHA1:D30264B5DAE3D20F09E13BFEE306BBF10699A9FA
                                                                                                                                                                          SHA-256:B1594471911399202D2F1993F38ADC97C6E4F2B4645DAC1AE12E7574A56F4CD7
                                                                                                                                                                          SHA-512:E7665ADFEB32A03F83736A5E49DA876C898F8B8E5A023FA36141E105E49D0D23F7319EAACD6D53367FFCA023BF5D32215A50D954799CF8B9350BA0AB64EBB054
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........a.k.u.j.e.m.e. .v...m. .z.a. .p.o.u.~...v.a.n.i.e. .s.o.f.t.v...r.u. .a. .s.l.u.~.i.e.b. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v...r.. ).,. .p.o.s.k.y.t.o.v.a.n...c.h. .s.p.o.l.o...n.o.s.e.o.u. .M.c.A.f.e.e.,. .k.t.o.r... .j.e. .d.c...r.s.k.o.u. .s.p.o.l.o...n.o.s.e.o.u. ...p.l.n.e. .v.l.a.s.t.n.e.n.o.u. .s.p.o.l.o...n.o.s.e.o.u. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.o.t.o. .j.e. .p.r...v.n.a. .z.m.l.u.v.a. .m.e.d.z.i. .n.a.m.i. .. .i.n.a.t.a.l...c.i.o.u. .a.l.e.b.o. .p.r...s.t.u.p.o.v.a.n...m. .k. .n...a.m.u. .S.o.f.t.v...r.u. .s...h.l.a.s...t.e. .s. .t...m.i.t.o. .p.o.d.m.i.e.n.k.a.m.i.,. .t.a.k.~.e. .s.i. .i.c.h.,. .p.r.o.s...m.,. .p.o.z.o.r.n.e. .p.r.e.....t.a.j.t.e... .........T...t.o. .L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(...a.l.e.j. .l.e.n. .. Z.m.l.u.v.a.. ). .s.a. .v.z.e.a.h.u.j.e. .n.a. .v.a.a.e. .p.r...v.a. .n.a. .p.o.u.~...v.a.n.i.e. .S.o.f.t.v...r.u.,. .o.b.m.e.d.z.e.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-sr-Latn-CS.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2634), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):88356
                                                                                                                                                                          Entropy (8bit):3.578074617368606
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:1PXzqxuAlAEnb93roW/JxeTYZ9/sn7/87/FXoQEHVX/Z0S/ja:dWVkTmR1b
                                                                                                                                                                          MD5:59FC5F3BD9A87AE9413F2FE477EC3FDE
                                                                                                                                                                          SHA1:BFC3646E09C23F6DA7A28FDE78B76931BB1A97BA
                                                                                                                                                                          SHA-256:A9CC5B406D73552009F63842964E73E3A614F0A777B8403BA0D55BE85A8129C3
                                                                                                                                                                          SHA-512:E1494204F3D87892886422919F3CEAAA708981649E69910082353601BCD9CB58D3367DB8CA291D27486B6C467EA71B36E98BE468A43005DAFD5DC7F34EF917FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .v.a.m. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v.e.r.. ).,. .k.o.j.i. .o.b.e.z.b.e...u.j.e. .k.o.m.p.a.n.i.j.a. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s. .. .i.n.s.t.a.l.i.r.a.n.j.e. .n.a.a.e.g. .S.o.f.t.v.e.r.a. .i.l.i. .p.r.i.s.t.u.p.a.n.j.e. .n.j.e.m.u. .z.n.a...i. .d.a. .p.r.i.h.v.a.t.a.t.e. .o.v.e. .u.s.l.o.v.e.,. .p.a. .i.h. .s.t.o.g.a. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.j.t.e... .........O.v.a.j. .U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. U.g.o.v.o.r.. ). .p.o.k.r.i.v.a. .v.a.a.a. .p.r.a.v.a. .d.a. .k.o.r.i.s.t.i.t.e. .S.o.f.t.v.e.r.,. .o.g.r.a.n.i...e.n.j.a. .t.o.g. .k.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-sv-SE.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2632), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89704
                                                                                                                                                                          Entropy (8bit):3.503772885574125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:dcFeHhjwanoMWVOjxKI+psB/YgpnuIbVGml:WFCwKWsQgp1
                                                                                                                                                                          MD5:A94B5016A1C36889003DCB74084BE0E8
                                                                                                                                                                          SHA1:E0E6FA59216BE5F45EB1633D566A1BA10C2AD340
                                                                                                                                                                          SHA-256:5E51ADC76C5CBAAC85C47732B15FA9D15435F6EC8A865E1B84D670149D752F58
                                                                                                                                                                          SHA-512:0897F2C7F7719D3A71552B8F1303DB8A00FD45A32CDC5E26AED1CEDDD5F18F302B8D09F781F8D5C45E9F170CEB4B060CFE11636FB3F513121BED02CCE76AD41A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.c.k. .f...r. .a.t.t. .d.u. .a.n.v...n.d.e.r. .p.r.o.g.r.a.m.v.a.r.a.n. .o.c.h. .t.j...n.s.t.e.r.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. P.r.o.g.r.a.m.v.a.r.a.n.. ). .f.r...n. .M.c.A.f.e.e.,. .e.t.t. .h.e.l...g.t. .d.o.t.t.e.r.b.o.l.a.g. .t.i.l.l. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N...r. .d.u. .i.n.s.t.a.l.l.e.r.a.r. .e.l.l.e.r. .a.n.v...n.d.e.r. .P.r.o.g.r.a.m.v.a.r.a.n. .g.o.d.k...n.n.e.r. .d.u. .a.u.t.o.m.a.t.i.s.k.t. .v.i.l.l.k.o.r.e.n.,. .s... .l...s. .n.o.g.a. .i.g.e.n.o.m. .d.e.m. .f...r.s.t... .D.e.t.t.a. ...r. .e.t.t. .b.i.n.d.a.n.d.e. .j.u.r.i.d.i.s.k.t. .a.v.t.a.l. .o.s.s. .e.m.e.l.l.a.n... .........D.e.t.t.a. .L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. A.v.t.a.l.e.t.. ). .r.e.g.l.e.r.a.r. .d.i.n.a. .r...t.t.i.g.h.e.t.e.r. .i. .s.a.m.b.a.n.d. .m.e.d. .a.n.v...n.d.n.i.n.g. .a.v. .P.r.o.g.r.a.m.v.a.r.a.n.,. .e.v.e.n.t.u.e.l.l.a. .b.e.g.r...n.s.n.i.n.g.a.r. .i. .a.n.v...n.d.n.i.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-tr-TR.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (2527), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89572
                                                                                                                                                                          Entropy (8bit):3.761887651307163
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:U4WLetFwU8STnnWH0I9fkl7+JaRtbJHGdnC2vJfPI9n9AkllkhZBYziG/xJd8oSc:UjLetFwbSTnnWH0IdkN+JaRt0dnC2xI1
                                                                                                                                                                          MD5:91C06A443F143BAE210CF6BA678B2813
                                                                                                                                                                          SHA1:829A9B675F5D12E6C9BCB9751A8B2167A701B610
                                                                                                                                                                          SHA-256:D454E9D22FA1413F35EF41BEE944300FE3776EE55CD8A41BFE588FC1A86A36F6
                                                                                                                                                                          SHA-512:7C014F1AC0AA7BC2EC7124BF5C5DC13168EEE98EBE2C3A387C67E318798EB58A09817753956E8F6206505AFEB0C63AD759AD31E6F977874B97F237D72F433454
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.. 1.n. .y...z.d.e. .y...z. .i._.t.i.r.a.k.i. .o.l.a.n. .M.c.A.f.e.e. .t.a.r.a.f.1.n.d.a.n. .s.a...l.a.n.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .y.a.z.1.l.1.m.1. .v.e. .h.i.z.m.e.t.l.e.r.i.n.i. .(.. Y.a.z.1.l.1.m.. ). .k.u.l.l.a.n.d.1...1.n.1.z. .i...i.n. .t.e._.e.k.k...r. .e.d.e.r.i.z... .Y.a.z.1.l.1.m.1.m.1.z.1.n. .k.u.r.m.a.n.1.z. .v.e.y.a. .Y.a.z.1.l.1.m.1.m.1.z.a. .e.r.i._.i.m. .s.a...l.a.m.a.n.1.z. .a.r.a.m.1.z.d.a.k.i. .b.u. .y.a.s.a.l. .s...z.l.e._.m.e.n.i.n. .i.l.g.i.l.i. .h...k...m.l.e.r.i.n.i. .k.a.b.u.l. .e.t.t.i...i.n.i.z. .a.n.l.a.m.1.n.a. .g.e.l.e.c.e...i.n.d.e.n.,. .l...t.f.e.n. .b.u.n.l.a.r.1. .d.i.k.k.a.t.l.i.c.e. .o.k.u.y.u.n... .........0._.b.u. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i. .(.. S...z.l.e._.m.e.. ). .Y.a.z.1.l.1.m.1.n. .k.u.l.l.a.n.1.l.m.a.s.1.n.a. .i.l.i._.k.i.n. .h.a.k.l.a.r.1.n.1.z.1.,. .s...z. .k.o.n.u.s.u. .k.u.l.l.a.n.1.m.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-CN.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (873), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27048
                                                                                                                                                                          Entropy (8bit):6.7933720259471135
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:dGlhiqpYn3S6kZ5pZsM1SDo9P0VSpjzjW+EpgLDR5CCaGdYQ:dWDuIVZsM19DjzjW+EpgLN5qvQ
                                                                                                                                                                          MD5:E40ED8A73802CBA2C7E94C103AF9B29E
                                                                                                                                                                          SHA1:CD42A5567397259E1F59D2739C7E7F65CCA2B13B
                                                                                                                                                                          SHA-256:6C6A08446A815E7595100C3A6BAC95DE406057CFCD32856378EEC0828F60D4D3
                                                                                                                                                                          SHA-512:B24F225F71F0641CD0E71508144821C6E4BA8F7DE6D5CE8990953B74236EA22F53CCCA5BC52A5B9CB40DEC07158222982993D07467AF459EC279C08CB73C853D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS...........a"..`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. ..vhQD.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. .o..N.T.g.R... o..N. ...0 ../f.`.N.b.NKN...v.l._OS.....[..b....b.N.v. o..N. ..sSh.:y.`.T.a..Nag>k...Vdk...N.~.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS..... OS... ...m.v.`.O(u. o..N. .vCg)R.0.O(uP.6R.0.b.N.R.~..v^1\. o..N. .v.N9.Hr,g.b.R...T.`6e9..vCg)R...N.S.`.T.a....N...Q.b.NKN...S...N.u.v.NUO.N...0 .,gOS...S+T.b.N.v...y.X.fI{D..Rag>k.v...c .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.s.i.m.p.l.i.f.i.e.d./.i.n.d.e.x...h.t.m.).....Nag>k._.....v^qQ.T.g.b..(u.N.`.v,g.l._OS...0 ..V.[/.0W:Syr.[.vag>kMO.NOS...v.g.T.Nag.0 ..........Y.g.`*g.n .1.8. ..\...l.g.`.v6r.k.b.v.b.N...N.N._{.HQ.c.S,gOS..v^.Nh..`.{.t. o..N. ...v.T.a...`.N._.O(u. o..N. .b.T.b.N.c.O.`.v*N.N.Oo`.0 .........1......c.S,gOS...T.O9e .. .US.Q. .c.S. .c...b.[.. o..N. ..sSh.:y.`.eag.N.T.a.S,g

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-TW.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (904), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27300
                                                                                                                                                                          Entropy (8bit):6.852328782163936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:RLcNdFNy9pQbexWBTeP5s8FmxoFfEgQSPsxFHMOKQZgTmLL/ytmq/V:Rcf6w3BKx/hagQSPsxtKjTmY
                                                                                                                                                                          MD5:992019F123EDA3E9D332E2B974ED1809
                                                                                                                                                                          SHA1:5A307D4BCB62D6EE451B29B31C8A4B6BBCF8606C
                                                                                                                                                                          SHA-256:52D00E90DFA554AE761BC820D5CC119A56963CFF95266194C80E4BBE0FC2CC18
                                                                                                                                                                          SHA-512:5198EDD5ADB84D60CC39D26BE1169B6F21115CD5791FA98909EC5FFEA5AC0D54E8CDC2D67D6F04F8FF14471188F0E2459E946DD7A2CDA069BCD6A7EBDAF42ABF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}.........a...`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .hs.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......g.R...0...0...0 .../f.`...b.PKN...v.l._.T.} .. ..[..bX[.S.b.P.v.0...0..sSh.:y.`.T.a...N.h>k...Vdk..N0}.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}...0.T.}.0...m..`.O(u.0...0.v.k)R.0.O(uP.6R.0.b.P..R.~..&N1\.0...0.v.N..Hr,g.b.R...T.`6e...v.k)R...N.S.`.T.a..N..N...zl.b.PKN...S.."u.u.v.NUO-rp..0 ..b.P.].S.b.b.P.v...y.kr..fI{D..R.h>k.v#.P} .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.t.r.a.d.i.t.i.o.n.a.l./.i.n.d.e.x...h.t.m.)......N.h>k._.....&NqQ.T.i.bi.(u.e.`.v,g.l._.T.}.0 ..W.[/.0W@Syr.[.v.h>kMO.e.T.}.v.g._.N.h.0 ..........Y.g.`*g.n .1.8. .rk...l.g.`.v6r.k.b.vw..N...N.P._..HQ.c.S,g.T.}&N.Nh..`.{.t.0...0...v.T.a...`.N..AQ1..O(u.0...0.b.T.b.P.c.O.`.v.P.N....0 .........1......c.S,g.T.}.T.O9e .. ..c.N.0.c.S.0.c...b.[..0...0..sSh.:y.`!q.h

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3039
                                                                                                                                                                          Entropy (8bit):5.584549435681096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3HNBDTH2dKcmPEG445Y1I8knQ5l6GGAlpfkPlC0XnslNE0wJZGl31KzEImtumzcc:3tuKJsG4450I8ksl6IlpfUlC0XslNE7I
                                                                                                                                                                          MD5:F3A5029C7AF82837AC07608AF5AB874E
                                                                                                                                                                          SHA1:5D2DCA52BB24BAF4BA244CF0774A39B5D32F45DF
                                                                                                                                                                          SHA-256:E38D92D43EC339994C92CA684C687600BFDB3DF89A6892C11883E7B56FB9C5E7
                                                                                                                                                                          SHA-512:F157BD3C10A7C6F9AAEE73998670DF683A795451799C498EB4B3D179EA048A35422AE716DD2D0E737051111097A4B0D02129683524ABE047C15BE4B2C94F42AE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. smlouva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "P.e.etl(a) jsem si licen.n. smlouvu a souhlas.m s n..",.. //{0} - Company name.. THANK_YOU: "D.kujeme, .e jste si vybrali {0}",.. INSTALL: "Instalovat",.. CANCEL: "Zru.it",.. RETRY: "Zkusit znovu",.. DONE: "Hotovo",.. //{0} - Product name.. PROGRESS_TITLE: "Produkt {0} je v.. osobn. bezpe.nostn. poradce p.i proch.zen. internetu.",.. PROGRESS_SUBTITLE: "Instalace...",.. COMPLETE_TITLE: "V.born.! Dokon.ili jsme instalaci osobn.ho online poradce.",.. COMPLETE_SUBTITLE: "V.e p.ipraveno",.. COMPLETE_LAUNCH: "Otev..t prohl..e.",.. ERROR_OS_REQUIREMENTS: "V instalaci nen. mo.n. pokra.ovat, proto.e v.. opera.n. syst.m nespl.uje minim.ln. syst.mov. po.adavky. Prove.te aktualizaci a zkuste to znovu.",.. ERROR_BROWSER_REQUIREMENTS: "V instalaci nen. mo.n. pokra.ovat, proto.e v.. prohl..e. nespl

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2750
                                                                                                                                                                          Entropy (8bit):5.30356527863537
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3blK55gOog4oCwdO1nE4Zx7eOIcvKV+VvKVHQfHbd+LnoEnE/jshVcKV+v2hQOsX:3blSgwhsx6OI6Pzfp+dErsM2kL/zMVsb
                                                                                                                                                                          MD5:470EDE85B44EBF458DDBE6F9F7BB2B5B
                                                                                                                                                                          SHA1:4B0064A1E3D3A4ECB724D76005A2FAC29CA98BEC
                                                                                                                                                                          SHA-256:BE64067C90C5F001065ED8BB8EFFF5ADCD4E1F51FB68D836C7B006CFD2EE1231
                                                                                                                                                                          SHA-512:66278668B6420352FF1BAB40C10F8B11C427B52B90C39039CE3F621C1D20EFAB85FC7945021A2D6C1885EA469377323310573E90832DDAED66C95A2BC2C4A8BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "licensaftale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har l.st og accepterer licensaftalen",.. //{0} - Company name.. THANK_YOU: "Tak, fordi du valgte {0}",.. INSTALL: "Installer",.. CANCEL: "Annuller",.. RETRY: "Pr.v igen",.. DONE: "F.rdig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhedsr.dgiver, uanset hvad du foretager dig online.",.. PROGRESS_SUBTITLE: "installerer ...",.. COMPLETE_TITLE: "Super! Din personlige onliner.dgiver er blevet installeret.",.. COMPLETE_SUBTITLE: "Klar til brug",.. COMPLETE_LAUNCH: ".bn browser",.. ERROR_OS_REQUIREMENTS: "Installationen kan ikke forts.tte, fordi dit operativsystem ikke opfylder minimumskravene. Opdater det, og pr.v igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan ikke forts.tte, fordi din browser ikke opfylder minimumskravene. Opdater din browser, og pr.v igen.",.. ERROR_VERSION: "Der er allerede e

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3119
                                                                                                                                                                          Entropy (8bit):5.263823184445253
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:36u+Npa+LIkjy9uRfJZHgf3hz0i2kTCyuyt0pWUOt:36Dpam3e6J9gvhz0i2PygOt
                                                                                                                                                                          MD5:CF761E54EEB153F8D82C500A4769E2AC
                                                                                                                                                                          SHA1:E7F4B6ED0EC302F5D7307F374CDC1963169AD847
                                                                                                                                                                          SHA-256:91E289DF7673C8055F98A1097CC2EB4B7AB243095FFB0D6D775C80718B449EA7
                                                                                                                                                                          SHA-512:E08535F7729CEAC31D940B8FCB7DADFE1B522596D0DA1295586290F916CDB377B945D85120CE9110F700E918C9878E664C95F33AA9427B6DDA9FA636B9F8EBF6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lizenzvertrag",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ich habe den Lizenzvertrag gelesen und stimme ihm zu.",.. //{0} - Company name.. THANK_YOU: "Vielen Dank, dass Sie sich f.r {0} entschieden haben.",.. INSTALL: "Installieren",.. CANCEL: "Abbrechen",.. RETRY: "Erneut versuchen",.. DONE: "Fertig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ist Ihr pers.nlicher Berater f.r Online-Sicherheit.. zu Hause und unterwegs.",.. PROGRESS_SUBTITLE: "Installation l.uft...",.. COMPLETE_TITLE: "Wunderbar! Ihr pers.nlicher Berater f.r Online-Sicherheit ist installiert.",.. COMPLETE_SUBTITLE: "Fertig",.. COMPLETE_LAUNCH: "Meinen Browser .ffnen",.. ERROR_OS_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Betriebssystem nicht die Mindestsystemanforderungen erf.llt. Bitte aktualisieren Sie es, und versuchen Sie es erneut.",.. ERROR_BROWSER_REQUIREMENTS: "Ihre Installation kann

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4568
                                                                                                                                                                          Entropy (8bit):4.938030579645634
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:3CL8S9mqS51CrYI1avgbfflo3uSAmQiRdjzkrMBGrmyyeyZUf:3Q9u51CrYmavg7flMdjzkry2my7yZQ
                                                                                                                                                                          MD5:790E186D6F2DEF3CA6EA55392DF0655E
                                                                                                                                                                          SHA1:42ACA36E1416CDAE2463DC0E47714592F57A7697
                                                                                                                                                                          SHA-256:AC37E16D3FCE1598D6321143CBF733EC472B2D0663031C6BB51150D4735E9630
                                                                                                                                                                          SHA-512:D3E641D4484F430B3E5C1421A7F093EE1CF2558E264CC7A9EBC5FE1EAEDFB29B42B70828F4579682218DDF756A263E56FFE8A4F07416A3B6A6666A4A5571EC4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "........ ...... ......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "... ........ ... .......... .. ........ ...... ......",.. //{0} - Company name.. THANK_YOU: "... ............ ... ......... {0}",.. INSTALL: "...........",.. CANCEL: ".......",.. RETRY: "......... ....",.. DONE: ".....",.. //{0} - Product name.. PROGRESS_TITLE: ".. {0} ..... . .......... ... ......... ......... .... .. .. ......... ... ..........",.. PROGRESS_SUBTITLE: ".......... ..............",.. COMPLETE_TITLE: "......! ...... ............ ... ......... ... ........... .........",.. COMPLETE_SUBTITLE: "......",.. COMPLETE_LAUNCH: "....... ... ...

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2642
                                                                                                                                                                          Entropy (8bit):5.26126673440905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3TmE5KCrHEAvhhIDX6uSBf15aN+conkQt52fEZhozWZIMJJZ1G1gPWJjm7VJ5ZNz:33NIAphIzqfE+c6bZhozqxJZXtbNz
                                                                                                                                                                          MD5:2ECA66E2E06EB81CB19B754D062422EE
                                                                                                                                                                          SHA1:247B9A7EEB7B53DF79DC2EEB1D436F4A7FA3C21D
                                                                                                                                                                          SHA-256:AC9A2B4DFC0C1D8BF9804B677383281586D590B47B92BB114E2DCF70FEF418D6
                                                                                                                                                                          SHA-512:D36E793F7DEA8A6C1B29E1578604E0E56FD5CBC74A1E9BE312F5A45D5E02011DED191F38C4A74F5926008ABFB42A48ECB0CB477EAE2238F3E0B3C6EBCC1C3839
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "License Agreement",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "I have read and agree to the License Agreement",.. //{0} - Company name.. THANK_YOU: "Thank you for choosing {0}",.. INSTALL: "Install",.. CANCEL: "Cancel",.. RETRY: "Try Again",.. DONE: "Done",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is your personal safety advisor wherever you go online.",.. PROGRESS_SUBTITLE: "Installing...",.. COMPLETE_TITLE: "Great! We've installed your personal online advisor.",.. COMPLETE_SUBTITLE: "Ready to go",.. COMPLETE_LAUNCH: "Open my browser",.. ERROR_OS_REQUIREMENTS: "Your installation cannot continue because your operating system does not meet the minimum system requirements. Please update it and try again.",.. ERROR_BROWSER_REQUIREMENTS: "Your installation cannot continue because your browser does not meet our minimum system requirements. Please update your browser and try again.",.. ERROR_VERSIO

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2710
                                                                                                                                                                          Entropy (8bit):5.245237571526594
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3Vu7DIIaj1E01NIsNIwfQ6+YHPCEfgDy5zxIhJoPlZ8RyJF4WmHnw:3Vq8IR01NIszfQ6+ObfgDizxOJoPlmRk
                                                                                                                                                                          MD5:89D30F4BD6DC4040FE6E7D2DAECF82C5
                                                                                                                                                                          SHA1:EA2FFB4EE0F55D156C2C2061C8059FA294070C8F
                                                                                                                                                                          SHA-256:9C1FB5137870E54808DCCE19310B012CC0FBEAD46E5529F3D7649030101126C3
                                                                                                                                                                          SHA-512:381763224AEC521DD5F0DFB7D28E4CD208E5FE5777F666E07803D6E81B6BD0EE1D82E24E2A8010FB5DE4786F446F182DD73C79E623A4ADEF84D7BA11DAA02F7C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Contrato de Licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}.",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Reintentar",.. DONE: "Listo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es tu asesor personal de seguridad vayas donde vayas en Internet.",.. PROGRESS_SUBTITLE: "Instalando... ",.. COMPLETE_TITLE: ".Genial! Hemos instalado tu asesor personal online.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu sistema operativo no cumple los requisitos m.nimos del sistema. Actual.zalo e int.ntalo de nuevo.",.. ERROR_BROWSER_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu navegador no cumple nuestros requisitos m.nimos del sistema. Actualiza tu navegador e int.n

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2723
                                                                                                                                                                          Entropy (8bit):5.254671238185329
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3Vu7DI4aj1EpJJNIsNIwfQQ2jlHPHEq7gDJLzxIhJoPlZ8RyJF4WmfliAHHg:3Vq84RnJNIszfQQ2B8q7gDJLzxOJoPll
                                                                                                                                                                          MD5:8E00965B8F656729F6BB69F9DB20BA30
                                                                                                                                                                          SHA1:DE6C861649D8D1A272293D12F8355F8801DFF903
                                                                                                                                                                          SHA-256:957389B3314E56E86C0F0187AB6380EE5D7658992875754EEB9374D5C3A0868E
                                                                                                                                                                          SHA-512:CB7A70DB64A456CBD1D8BDA77E562C2704309A5D469D22729858F66EA6B1C5D995975155C047559FF2E1D3B4826B0C95B7980A2E2A3E76621B3A10A7319C3402
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Contrato de Licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}.",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Intentarlo de nuevo",.. DONE: "Listo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es tu asesor personal de seguridad vayas donde vayas en Internet.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: ".Excelente! Hemos instalado tu asesor personal en l.nea.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu sistema operativo no cumple los requisitos m.nimos del sistema. Actual.zalo e int.ntalo de nuevo.",.. ERROR_BROWSER_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu navegador no cumple nuestros requisitos m.nimos del sistema. Actualiza tu nave

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2740
                                                                                                                                                                          Entropy (8bit):5.308093679067159
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3O056PfLCRVyEaXqPs9IYxDT8iwKxp8iElfoKMV7xXTDbtDM57LzTsB1DUozuTI/:3oWvTkqP4IYxHXxZIfXIjC5vUbzzuTCX
                                                                                                                                                                          MD5:1C5D948F5088E01097CB94B6BE3989D4
                                                                                                                                                                          SHA1:34714E6BBDF90CA78F4B2130FEBA690223ED2A4A
                                                                                                                                                                          SHA-256:EE036B98E8935B09A98A4971CC1EA00EB379273F8B75611FBCD403A18D2DB0DE
                                                                                                                                                                          SHA-512:C373659C5DEC792EFD62A9C1F10A0F409F0D48E2D62A398154F1B7F3EF4B06816AA10D6DFB5581181AB2C8097DCE5333BC81AAAE4C36E7CC678A122285C5A176
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "lisenssisopimuksen",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Olen lukenut lisenssisopimuksen ja hyv.ksyn sen",.. //{0} - Company name.. THANK_YOU: "Kiitos, ett. valintasi oli {0}",.. INSTALL: "Asenna",.. CANCEL: "Peruuta",.. RETRY: "Yrit. uudelleen",.. DONE: "Valmis",.. //{0} - Product name.. PROGRESS_TITLE: "{0} on henkil.kohtainen turvallisuusneuvojasi aina, kun olet verkossa.",.. PROGRESS_SUBTITLE: "Asennetaan.",.. COMPLETE_TITLE: "Loistavaa! Olemme asentaneet henkil.kohtaisen verkkoneuvojasi.",.. COMPLETE_SUBTITLE: "Valmis",.. COMPLETE_LAUNCH: "Avaa selain",.. ERROR_OS_REQUIREMENTS: "Asennusta ei voi jatkaa, koska k.ytt.j.rjestelm.si ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. se ja yrit. uudelleen.",.. ERROR_BROWSER_REQUIREMENTS: "Asennusta ei voi jatkaa, koska selaimesi ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. selain ja yrit. uudelleen.",..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2957
                                                                                                                                                                          Entropy (8bit):5.29084273603639
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3TtTOo+8f2FWuEqdv5G8I5ybT1IG82ybSTIG8Cfjvz75B8zq5DVMk7LrqbkbGErr:3TCCyWfSv5G8I5WTK2WScCfjvz1mzkKy
                                                                                                                                                                          MD5:A36FADC66327107E12C725A415539CBF
                                                                                                                                                                          SHA1:3C3381D7EAC7D6EC38793044D1ACCBA8C9094BC8
                                                                                                                                                                          SHA-256:5705F5857F4E8BF384F270A56BF32A1F8ECCD99630D2289504797270530973CD
                                                                                                                                                                          SHA-512:97974E495E6C6990112FBA80C11900B6B782DFA48C8112759FC1D7469D7EB525F114047B100C666757E690901E3ACD7E35C23E38113144154E99D9DF40E49B88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. DONE: "Termin.",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit., o. que vous alliez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Parfait! Nous avons install. votre conseiller personnel en ligne.",.. COMPLETE_SUBTITLE: "Pr.t . d.marrer",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre syst.me d'exploitation ne r.pond pas . la configuration minimale requise. Veuillez le mettre . jour et r.essayer.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre navigateur

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2953
                                                                                                                                                                          Entropy (8bit):5.295545771935365
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3TtTOo+8f2FWuEqLv5G8I5ybT1IG82ybSTIG8Cfjvz75B8zq5DVMk7OxqbkbGErD:3TCCyWfYv5G8I5WTK2WScCfjvz1mzkK7
                                                                                                                                                                          MD5:8B60FCE0D6FD3962E148686F21AB4E9A
                                                                                                                                                                          SHA1:FFE7DAEFF6A7420BA6E5CAC2D6B2539182799948
                                                                                                                                                                          SHA-256:2FAE4BB5432E67F6B47BF2C3E2C5B44CFA56104468602047DE2A19C96923D7DF
                                                                                                                                                                          SHA-512:95330E44C94A221CB9B1A25932810259D1DBEA535FE5D5ABAF43BFC8BF65C0625FEF730F78EE9BDCF5F5E1E2C7084C5A54DB5A381A5598D98DB8CD85FA11D89D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. DONE: "Termin.",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit., o. que vous alliez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Parfait.! Nous avons install. votre conseiller personnel en ligne.",.. COMPLETE_SUBTITLE: "Pr.t . d.marrer",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre syst.me d'exploitation ne r.pond pas . la configuration minimale requise. Veuillez le mettre . jour et r.essayer.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre navigateu

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2827
                                                                                                                                                                          Entropy (8bit):5.347421387804527
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3vFCs47Qs1rDlEjihC7nRIoYwPabwfefNMcLRMGbm6+IN6I1GeRJ2lz1aIIJC5iH:3v8Nd1OjQgRIoYAaMfaNMcLreINJ3fwG
                                                                                                                                                                          MD5:C22CF0B54F76C868382282AE594FA364
                                                                                                                                                                          SHA1:45E2EC3E57496EB2FC4E1136423DA44BAA044461
                                                                                                                                                                          SHA-256:8EB9809593BA4B5248D1FBF0DB7DC5E22F040AC469D882B78EB4CE4A5668725A
                                                                                                                                                                          SHA-512:7754AF022340B47763205FAAF3395DA6EA93D0E69B67696EDA8197677977D8D46493A27639E4D2EF2AA06AFB846510ECFD0A070C9C326340A1EDB78970FFBB33
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencni ugovor",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam Licencni ugovor i saglasan/na sam s njim",.. //{0} - Company name.. THANK_YOU: "Zahvaljujemo .to ste odabrali {0}.",.. INSTALL: "Instaliraj",.. CANCEL: "Odustani",.. RETRY: "Poku.aj ponovo",.. DONE: "Gotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. osobni savjetnik za sigurnost na svakom mjestu na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Sjajno! Instalirali smo va.eg osobnog savjetnika na mre.i.",.. COMPLETE_SUBTITLE: "Spremno za pokretanje",.. COMPLETE_LAUNCH: "Otvori moj preglednik",.. ERROR_OS_REQUIREMENTS: "Va.a instalacija se ne mo.e nastaviti jer va. operativni sustav ne zadovoljava minimalne zahtjeve sustava. A.urirajte ga i poku.ajte ponovno.",.. ERROR_BROWSER_REQUIREMENTS: "Va.a instalacija se ne mo.e nastaviti jer va. preglednik ne zadovoljava minimalne zahtjev

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3020
                                                                                                                                                                          Entropy (8bit):5.501193888773686
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3tTcztb3AE5sBQIkQfa4xR9X+MK+ReCoPMre6Q/sIzqjIaLej1uh9JQh/aS:3otzN5sBQIkQfa4xR1+MKPkreb/tzeBY
                                                                                                                                                                          MD5:86A072B9B0E5BDB616874C39BD0F0264
                                                                                                                                                                          SHA1:D3524BD363AFFEACA8079B2C9C24BE445BDFDC98
                                                                                                                                                                          SHA-256:DCC631D88F305B8E71691C6852E3E8425244E38C90905FB78B47EF23102E6FCA
                                                                                                                                                                          SHA-512:F50CAC2DA38082AEBB97C8DD2D1D69F62A4152616EF3710247C5C00E691475C52DDC52FD0A4CEC22AB9B7DB920CD3FD4DF2F10F6F8259CE4F6C0613D4920BFE4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencmeg.llapod.s",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Elolvastam .s elfogadom a Licencmeg.llapod.st",.. //{0} - Company name.. THANK_YOU: "K.sz.nj.k, hogy a {0} term.k.t v.lasztotta",.. INSTALL: "Telep.t.s",.. CANCEL: "M.gse",.. RETRY: "Pr.b.lkozzon .jra",.. DONE: "K.sz",.. //{0} - Product name.. PROGRESS_TITLE: "A {0} az .n szem.lyes biztons.gi tan.csad.ja, amely mindenhova .nnel tart online.",.. PROGRESS_SUBTITLE: "Telep.t.s...",.. COMPLETE_TITLE: "Rendben! Telep.tett.k a szem.lyes biztons.gi tan.csad.j.t.",.. COMPLETE_SUBTITLE: "K.szen .ll",.. COMPLETE_LAUNCH: "B.ng.sz. megnyit.sa",.. ERROR_OS_REQUIREMENTS: "A telep.t.s nem folytathat., mert az oper.ci.s rendszer nem tesz eleget a minim.lis rendszerk.vetelm.nyeknek. Friss.tse, majd pr.b.lkozzon .jra.",.. ERROR_BROWSER_REQUIREMENTS: "A telep.t.s nem folytathat., mert a b.ng.sz. nem

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2654
                                                                                                                                                                          Entropy (8bit):5.273633144698911
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:30WhiWDdQoG5DJItZEqRU0TMNIbpJ5WpGKf/w+roo5Ng5wZpEY854U6hgz9+IR17:39q51529MNI75JKf7rDm5f6hgzIG1u0R
                                                                                                                                                                          MD5:6ADAA4FF9AFC5B3A70191C7778893813
                                                                                                                                                                          SHA1:5F639C9E8E626D160A9832674AF8BEBCC4C324DE
                                                                                                                                                                          SHA-256:8AA0EB04D5149925AD51ADC06D3F6468A4F2062F9A64BB80F85CAFCDA8BEA353
                                                                                                                                                                          SHA-512:BA1433C4EF8EB91C90A5578FF81A276507E9A94D624C6D0BEDF6069F5F7A41D00F49DC2C4B23F5D481400245270E3B56236193198B1A98DAE2576E7BD9CB69B7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contratto di Licenza",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ho letto e accetto il Contratto di Licenza",.. //{0} - Company name.. THANK_YOU: "Grazie per aver scelto {0}",.. INSTALL: "Installa",.. CANCEL: "Annulla",.. RETRY: "Riprova",.. DONE: "Fine",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . il tuo consulente personale per la sicurezza ovunque tu vada online.",.. PROGRESS_SUBTITLE: "Installazione in corso...",.. COMPLETE_TITLE: "Ottimo. Abbiamo installato il tuo consulente online personale.",.. COMPLETE_SUBTITLE: "Pronti a partire",.. COMPLETE_LAUNCH: "Apri il browser",.. ERROR_OS_REQUIREMENTS: "L'installazione non pu. continuare. Il sistema operativo non soddisfa i requisiti minimi del sistema. Aggiornalo e riprova.",.. ERROR_BROWSER_REQUIREMENTS: "L'installazione non pu. continuare. Il browser non soddisfa i requisiti minimi del sistema. Aggiorna il browser e riprova.",.. ERROR_VE

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                          Entropy (8bit):5.5881432753526985
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:3wpT6KUHA0ZV0Ikw0nofKxypVqml/MiXzYGDpvvSDruthk:3w8Hg0sUKgpYZiXzYGDpXaKthk
                                                                                                                                                                          MD5:B3B9671F29B88CF708C23FAA154F3AF2
                                                                                                                                                                          SHA1:B0C26292029AE7A19A635761FAE1B137C75E6BCB
                                                                                                                                                                          SHA-256:9AC130DCF86390701CC3A6C3551DD925360173CD59AC5ACE698BDEAB98309A67
                                                                                                                                                                          SHA-512:1A46ABD016A1A7F3061E293FF0DED137509F6036C4363430D17107D9E26F8914D84DBA4634B3B0CB4A112D5E23594FB8670C2E8E0D0CFF4BA002AEEA32748FB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "................",.. //{0} - Company name.. THANK_YOU: "{0}....................",.. INSTALL: "......",.. CANCEL: ".....",.. RETRY: "...",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}......................... .........",.. PROGRESS_SUBTITLE: "..........",.. COMPLETE_TITLE: "................ ..... ..................",.. COMPLETE_SUBTITLE: ".......",.. COMPLETE_LAUNCH: "........",.. ERROR_OS_REQUIREMENTS: "........ .....................................

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2982
                                                                                                                                                                          Entropy (8bit):5.847345330966997
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:34HjWMme4EaOYIc1TK1adfNDmI6DugabURx8B9HU5KzpJI6iUs/JAgPiX5NKt:346M3FadIc1+1cfRyDFfRqBRU5KzpJpy
                                                                                                                                                                          MD5:39F3D2B27B66D5E6956963328124B8D3
                                                                                                                                                                          SHA1:D85D5BFB9BF91E7AF751803F092E8F416D921EA9
                                                                                                                                                                          SHA-256:7C4AFC7091B859A02BAE6084CC2A3D1D2EFAB4CE39A544E0417136082EAB0203
                                                                                                                                                                          SHA-512:BB5550C76BBD499B7B9073EF2BA066D71F65E1B8BD834C57B7F431A4ADF5C4E723625DA1246598A37BF106CB4CE043FC2EBB819B0A941917366397D55A7627D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: ".... ..",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".... ... .. .....",.. //{0} - Company name.. THANK_YOU: "{0}.(.) ... ... .....",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: ".. ..",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}.(.) .. .... .. .. .. ... .......",.. PROGRESS_SUBTITLE: ".. ....",.. COMPLETE_TITLE: "....! .. ... .... .......",.. COMPLETE_SUBTITLE: ".. ..",.. COMPLETE_LAUNCH: ". .... ..",.. ERROR_OS_REQUIREMENTS: ".. ... .. ... .. ... .... .. ... ... . ..... ...... .. ......",.. ERROR_BROWSER_REQUIREMENTS: "..... .. ... .. ... .... .. ... .

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2722
                                                                                                                                                                          Entropy (8bit):5.303037907360488
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3795wot+OdOcWOEYoIOtl9IcBVF/qFSfE88QIwUueoIJhGduaT+G9hykWYYrzr9g:37Z+OZSFJNIaVFCFSfE2IwS885ZrzrKX
                                                                                                                                                                          MD5:325FDF0453BC217006C5EBD8E937EF2E
                                                                                                                                                                          SHA1:690B0339939946FC8A66E7BC3888B47132012E2D
                                                                                                                                                                          SHA-256:AE6C759B42D34C6900489EA3B5FCD57692737B522F7126BE814B576FB55B37CD
                                                                                                                                                                          SHA-512:12A146E232D234843A59404C287D78E1F9CCDFBC6A6BDA982E705EA9AAEAAC847A9C8CBA6FBC6ACA13AF16EC643F14D3A9E852B1AA25E6ED95879D3110B64703
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisensavtale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har lest og godtar lisensavtalen",.. //{0} - Company name.. THANK_YOU: "Takk for at du valgte {0}.",.. INSTALL: "Installer",.. CANCEL: "Avbryt",.. RETRY: "Pr.v p. nytt",.. DONE: "Ferdig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhetsr.dgiver uansett hvor du g.r p. nettet.",.. PROGRESS_SUBTITLE: "Installerer ...",.. COMPLETE_TITLE: "Flott! Vi har installert din personlige nettr.dgiver",.. COMPLETE_SUBTITLE: "Du er klar",.. COMPLETE_LAUNCH: ".pne nettleseren min",.. ERROR_OS_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi operativsystemet ikke oppfyller minimum systemkrav. Oppdater det, og pr.v p. nytt.",.. ERROR_BROWSER_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi nettleseren ikke oppfyller minimum systemkrav. Oppdater nettleseren, og pr.v p. nytt.",.. ERROR_VERSION: "Du har allere

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2834
                                                                                                                                                                          Entropy (8bit):5.221829835796673
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:34+VvRiGOx7kopCe4I2RjEY5n40w7TI3k7+WxXDk7+xIXrf24+5N7XR7lnw2IuXU:3nVSw7tRAOjiI3WrxXDWmIXrfw5VhnBk
                                                                                                                                                                          MD5:D406EAF5B9CBBB2546618F3D626A2970
                                                                                                                                                                          SHA1:D149C8916B9820AF6256E57FA6521DA63A063418
                                                                                                                                                                          SHA-256:AB6A945EDDBD05644903E5465FAC344C675DCFF1BF749FD02D4D134C2FDD643E
                                                                                                                                                                          SHA-512:E8C6A03DD0A2C6DCCF28C34EC9E6D6C66F06524F6FC554600C99C68AA75E70A06C0CBB650A88B6DA2ED753B7F7F05FE63A4AA69C2D6A3DE94ACDE8E2B422ED5F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "licentieovereenkomst",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ik heb de licentieovereenkomst gelezen en ga ermee akkoord.",.. //{0} - Company name.. THANK_YOU: "Bedankt dat u hebt gekozen voor {0}",.. INSTALL: "Installeren",.. CANCEL: "Annuleren",.. RETRY: "Opnieuw proberen",.. DONE: "Klaar",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is uw persoonlijke veiligheidsadviseur, waar u ook online bent.",.. PROGRESS_SUBTITLE: "Installeren...",.. COMPLETE_TITLE: "Fantastisch! Wij hebben uw persoonlijke online adviseur ge.nstalleerd.",.. COMPLETE_SUBTITLE: "Klaar om aan de slag te gaan",.. COMPLETE_LAUNCH: "Open mijn browser",.. ERROR_OS_REQUIREMENTS: "Uw installatie kan niet doorgaan omdat uw besturingssysteem niet voldoet aan de minimale systeemvereisten. Werk het bij en probeer het opnieuw.",.. ERROR_BROWSER_REQUIREMENTS: "Uw installatie kan niet doorgaan omdat uw browser niet voldoet aan onze min

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2823
                                                                                                                                                                          Entropy (8bit):5.563972162117738
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3dGFMW2pQHsBEbkZoNIGzxS5zXwWfeZOrma+1FKHZZ8ziDwThXiQLN3VzlzI77R5:3dGc+HbwZQIySBwWfeGmV8HZchyUNFzu
                                                                                                                                                                          MD5:609E78D49DA067E287FC7252C23C27A7
                                                                                                                                                                          SHA1:721E3387F38D84C1438FF57D2EC7C9BAC7A317B4
                                                                                                                                                                          SHA-256:FE7EB51C80968E5C1F92336EF132EC12AB27FECCD3BF0DC4AB87E80268334A97
                                                                                                                                                                          SHA-512:EB856F23E0152D43A411CC45A1CD4B56E84D5D8016C1EB549FC90D43C1668C005A191C7710ACF61DB2A32B2D341A4629BD3663A0538361281049D2228079D6FC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Umow. licencyjn.",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Znam i akceptuj. Umow. licencyjn.",.. //{0} - Company name.. THANK_YOU: "Dzi.kujemy za wybranie produktu {0}",.. INSTALL: "Zainstaluj",.. CANCEL: "Anuluj",.. RETRY: "Spr.buj ponownie",.. DONE: "Gotowe",.. //{0} - Product name.. PROGRESS_TITLE: "{0} to Tw.j osobisty doradca ds. bezpiecze.stwa w Internecie.",.. PROGRESS_SUBTITLE: "Instalowanie...",.. COMPLETE_TITLE: ".wietnie! Zainstalowali.my Twojego osobistego doradc. w Internecie.",.. COMPLETE_SUBTITLE: "Gotowe",.. COMPLETE_LAUNCH: "Otw.rz przegl.dark.",.. ERROR_OS_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, bo system operacyjny nie spe.nia minimalnych wymaga. systemowych. Uaktualnij go i spr.buj ponownie.",.. ERROR_BROWSER_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, bo przegl.darka nie spe.nia minimalnych wymaga. systemowych. Uaktualnij j. i spr.buj p

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2789
                                                                                                                                                                          Entropy (8bit):5.3016062340489984
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3wJinI7w56E8GjaIrKc2NfOe6zLZIlS+LuV5eEHHW6zFVI1rJqPTZ6XJfaoMym4D:3y7a1jaIrOfJgLzPHHHW6z3aJqPd6ZS6
                                                                                                                                                                          MD5:775D02E62D343C8AF21F50328C759CC7
                                                                                                                                                                          SHA1:1F976C75FB8425AB61CF1D66527C34E41019CB71
                                                                                                                                                                          SHA-256:072785166431B8CFD6744F1583A8D0ECF275854EC4EBDE6B851DD8AAF19371CE
                                                                                                                                                                          SHA-512:AFF7467FF93B4DF13519DEA1E2363D84B90C427F1DED6F6D43AA4C6123B33C88CAAB8999AA6A6709DCBC7B7550BAB368D3B190E425B6DAEC0FA5647CFFE9BD41
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Eu li e concordo com o Contrato de licen.a",.. //{0} - Company name.. THANK_YOU: "Agradecemos por escolher o {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. DONE: "Conclu.do",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . seu assessor pessoal de seguran.a sempre que estiver online.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: "Excelente! Seu assessor pessoal online est. instalado.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir meu navegador",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o sistema operacional n.o atende aos requisitos m.nimos de sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o navegador n.o atende aos nossos requisitos m.nimos de sis

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2834
                                                                                                                                                                          Entropy (8bit):5.285322036631864
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3T1cnI7wb1EbiIvQdKVvNfwSe6GfIeTnL+LdbeEsa5cztlI1rJqPFqWruD6NnqBL:3TZ7IubiIvQdUlfKFiHsa5czPaJqPFqf
                                                                                                                                                                          MD5:C7052BCD40A05D0A3C7F0EE4B23D4420
                                                                                                                                                                          SHA1:109A90360C15D73BFC1F1830419EBCBFA070E8D4
                                                                                                                                                                          SHA-256:DEDE2191F3B5936FC69D10FDF61C0D71B22486055BC68E5B4F7655025B19BFAA
                                                                                                                                                                          SHA-512:E9D0A62C150920F2BDFD7E1E7D18875D9E85A90D24CC01FA961EDAA57893450A67A5F866D5626F8F5FE9767A59E0FA48E22D8FBB482CB94C57FC0B9DE7E79146
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrato de licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e aceito o contrato de licen.a",.. //{0} - Company name.. THANK_YOU: "Agradecemos por escolher a {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. DONE: "Conclu.do",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . o seu consultor de seguran.a pessoal onde quer que navegue online.",.. PROGRESS_SUBTITLE: "A instalar...",.. COMPLETE_TITLE: ".timo! Instal.mos o seu consultor pessoal online.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir o meu browser",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu sistema operativo n.o cumpre os requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu browser n.o cumpre os nossos requisitos m.nimos do sistema.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4105
                                                                                                                                                                          Entropy (8bit):4.975608303898123
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:30u/iNM+4IOq/knqwkXf2EAaKOTLvl8szDmSXyD+X2h:30u/2MNjLnUP2Zb2GszDmSXyCXg
                                                                                                                                                                          MD5:4DD96DA7415A652A5E484DC6239782CF
                                                                                                                                                                          SHA1:6208329EDEEC28D151D9E5800115A3F81BA816A2
                                                                                                                                                                          SHA-256:66A056646393A313C24FB488886376E7B361407CD348C2E7B1EE8254CF2576BB
                                                                                                                                                                          SHA-512:685EDA453DBD36C9A6120B80AF39D0B7EBDDA81A9BCBABDEE52AD6650F830AA6E235FE31ED4A61FD8B20E9BE25BBDB90AC39766C608EB3ADADEEE679664FAD6C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "............ ..........",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ". ........(.) . ........ ............ ..........",.. //{0} - Company name.. THANK_YOU: ".......... .. ..... {0}",.. INSTALL: "..........",.. CANCEL: "......",.. RETRY: "......... .......",.. DONE: "......",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . ... ... ...... ........ .. ............ . ..........",.. PROGRESS_SUBTITLE: "............",.. COMPLETE_TITLE: ".......! .. .......... ...... ........ .. .............",.. COMPLETE_SUBTITLE: "... ......",.. COMPLETE_LAUNCH: "....... .......",.. ERROR_OS_REQUIREMENTS: "......... .. ..... .... .........., ... ... .

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2909
                                                                                                                                                                          Entropy (8bit):5.626133730858778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3KUWqz7ZZceEHrdNIzNUAuvAKf+EGAzo+93L08AwF7ERm4502zLzIPJicLhqaX4U:3K/AZeH3IzNUAuvAKf+EGAs+JL08AIwO
                                                                                                                                                                          MD5:9F16073EC6F27264D8157CA0C6BAC3FF
                                                                                                                                                                          SHA1:02A8694638AA2DDA4E30848821E175479C4E7588
                                                                                                                                                                          SHA-256:4AEDFE6AF187A36A25F824C5C3819D6FED03AF76C4B722AF4772F90BACF1FF86
                                                                                                                                                                          SHA-512:E852A1F712DA32FB30CC79FE0D33CE57430B4CA59936824D55A2F2FE1167959774FDC9634EE7BEC7C84965F68495CCE24DCAA1BB6D85D2B90406782D1285CA7C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. zmluva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pre..tal(-a) som si dokument Licen.n. zmluva a.s.hlas.m.s n.m",.. //{0} - Company name.. THANK_YOU: ".akujeme, .e ste si vybrali {0}.",.. INSTALL: "In.talova.",.. CANCEL: "Zru.i.",.. RETRY: "Sk.si. znova",.. DONE: "Hotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va..m osobn.m poradcom v oblasti bezpe.nosti, kdeko.vek sa pripoj.te na web.",.. PROGRESS_SUBTITLE: "In.taluje sa...",.. COMPLETE_TITLE: "V.borne! Nain.talovali sme v..ho osobn.ho online poradcu.",.. COMPLETE_SUBTITLE: "M..ete za.a.",.. COMPLETE_LAUNCH: "Otvori. m.j prehliada.",.. ERROR_OS_REQUIREMENTS: "Va.a in.tal.cia nem..e pokra.ova., lebo v.. opera.n. syst.m nesp..a minim.lne syst.mov. po.iadavky. Aktualizujte ho a sk.ste to znova.",.. ERROR_BROWSER_REQUIREMENTS: "Va.a in.tal.cia nem..e pokra.ova., lebo v

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2792
                                                                                                                                                                          Entropy (8bit):5.357366308263878
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:31hpQU1rGGEji4oL8BI7J2wEfD/f6zRlce+ISDO4MERSeXlzd5iLIXQ5T7H5OWQj:35b1WjBACI7ItfD/fojmIKYENVzd566v
                                                                                                                                                                          MD5:D7BCA954858CFDD077B87175B015B529
                                                                                                                                                                          SHA1:C2209D10757A7646B21951981A4DD1ADE40CBE7B
                                                                                                                                                                          SHA-256:21CA8FC0D87338E407A5BF3966F0385979993BBE4F42390201BC1366E6E07EA9
                                                                                                                                                                          SHA-512:B02BE531DD0D55261969C95EDDEB2FB431E1C5D302A8BEB692DBB36933904383F48EE08FA0CAE66AB521ADEEC541777327865D67FFA2DA7C76E4056E0462DCA6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Ugovor o licenciranju",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao sam i saglsan sam s Ugovorom o licenciranju",.. //{0} - Company name.. THANK_YOU: "Hvala .to ste izabrali {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Otka.i",.. RETRY: "Poku.aj ponovo",.. DONE: "Gotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. li.ni savetnik za bezbednost gde god da ste na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Odli.no! Instaliran je va. li.ni savetnik za bezbednost",.. COMPLETE_SUBTITLE: "Spreman je",.. COMPLETE_LAUNCH: "Otvori pregleda.",.. ERROR_OS_REQUIREMENTS: "Instalacija se ne mo.e nastaviti jer operativni sistem ne ispunjava na.e minimalne sistemske zahteve. A.urirajte ga i poku.ajte ponovo.",.. ERROR_BROWSER_REQUIREMENTS: "Instalacija se ne mo.e nastaviti jer operativni sistem ne ispunjava na.e minimalne sistemske zahteve. A.urirajte pregled

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2700
                                                                                                                                                                          Entropy (8bit):5.360820792263823
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3pdCODtNYC/mqEYcQdE9IcaF8kFFafEoGyIucFI4Xc3+NqYk7svff0ozg2IfGETU:3JROLieInFhFafEojIvn3fvzrCRZNsrJ
                                                                                                                                                                          MD5:B553D7133C80C6AB93BF33A7DB0E65CA
                                                                                                                                                                          SHA1:0670C14B53E7D362EF19F35C18095D43258E23E2
                                                                                                                                                                          SHA-256:4D9CD0727E42F367AC9720FF1BEA9EA32062D09294C973B54B57050C05E4FFD5
                                                                                                                                                                          SHA-512:D06743CEDD5CDB6E98F1768DBC425550110D858A904828231591AB71EA9A2C6728EE75239CC7E2C411F2E993337F5C69B1FA33D82D5395DC24753915702E3622
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "licensavtalet",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jag har l.st och godk.nner licensavtalet",.. //{0} - Company name.. THANK_YOU: "Tack f.r att du v.ljer {0}",.. INSTALL: "Installera",.. CANCEL: "Avbryt",.. RETRY: "F.rs.k igen",.. DONE: "Klart",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .r din personliga s.kerhetsr.dgivare var du .n kopplar upp dig.",.. PROGRESS_SUBTITLE: "Installerar ...",.. COMPLETE_TITLE: "Toppen! Vi har installerat din personliga internetr.dgivare.",.. COMPLETE_SUBTITLE: "Allt .r redo",.. COMPLETE_LAUNCH: ".ppna i webbl.saren",.. ERROR_OS_REQUIREMENTS: "Installationen kan inte forts.tta eftersom operativsystemet inte uppfyller systemkraven. Uppdatera det och f.rs.k igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan inte forts.tta eftersom webbl.saren inte uppfyller systemkraven. Uppdatera webbl.saren och f.rs.k igen.",.. ERROR_VERSION:

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2936
                                                                                                                                                                          Entropy (8bit):5.4922221769296184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3DdrZpFTox8fYCPZEpdhp0IW+AVJBn+AWuzfNLFnsZFfB9mpFA8lLgMs/U4oXMoN:3JZToKnKpdheIWtr+uzfvsTfTGacLXz5
                                                                                                                                                                          MD5:18A69E3CA3CA0156A63A1DFBE77D4F29
                                                                                                                                                                          SHA1:ECA17161D2AD2642AC9103107009275945113340
                                                                                                                                                                          SHA-256:A931E05C2614D3739472F9DD6F252A860BD8EFF5C65476427D3FFB388BCFBB7C
                                                                                                                                                                          SHA-512:175C2C45C6E178C034D8419DA14BD77F4878ACD0B242F74BB5AA8B4FAF3D8A25B854E7E1C6ACF8D71573D23FBBB8899B13FED05B2A47C7598E51DEC6340B4FE3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisans S.zle.mesi",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Lisans S.zle.mesini okudum ve kabul ediyorum",.. //{0} - Company name.. THANK_YOU: "{0} .r.n.n. tercih etti.iniz i.in te.ekk.r ederiz",.. INSTALL: "Y.kle",.. CANCEL: ".ptal",.. RETRY: "Tekrar Deneyin",.. DONE: "Bitti",.. //{0} - Product name.. PROGRESS_TITLE: "{0}, .evrimi.i oldu.unuz her yerde ki.isel g.venlik dan..man.n.zd.r.",.. PROGRESS_SUBTITLE: "Y.kleniyor...",.. COMPLETE_TITLE: "M.kemmel! Ki.isel .evrimi.i dan..man.n.z. y.kledik.",.. COMPLETE_SUBTITLE: "Haz.r",.. COMPLETE_LAUNCH: "Taray.c.m. a.",.. ERROR_OS_REQUIREMENTS: "..letim sisteminiz minimum sistem gereksinimlerini kar..lamad... i.in kurulumunuz devam edemiyor. L.tfen g.ncelleyin ve tekrar deneyin.",.. ERROR_BROWSER_REQUIREMENTS: "Taray.c.n.z minimum sistem gereksinimlerimizi kar..lamad... i.in kurulumunuz devam edem

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2349
                                                                                                                                                                          Entropy (8bit):6.290274114517677
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3oWfvFbBReTE4anI7mO8VDfA9lwVooJy17QGYDV5zzIG+b7jyW1XoUW:3oWHrR34anI7mO8VDfA9lMTocGu7zzzN
                                                                                                                                                                          MD5:2CCA1854019AAD327B3FABE1000E9BEF
                                                                                                                                                                          SHA1:59A26CCDD6327DDDC4C02650171177A27E771452
                                                                                                                                                                          SHA-256:4E07338BAAA7C846DA5FECB9680BFF445E7701B143BD2025A55A04F58EA0379F
                                                                                                                                                                          SHA-512:731086276C68E129023B444192F151855158B84E0542F112849082F911D58F6E632C32E147507D25C60E003D5564EFA2E3EBA1FFD18DEF475F64BDCBDAF8F2B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".............",.. //{0} - Company name.. THANK_YOU: ".....{0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "..",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}............",.. PROGRESS_SUBTITLE: ".....",.. COMPLETE_TITLE: "....................",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".......",.. ERROR_OS_REQUIREMENTS: "................................",.. ERROR_BROWSER_REQUIREMENTS: "................................",.. ERROR_VERSION: "..................",.. ERROR_FAIL: ".............

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-install-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2522
                                                                                                                                                                          Entropy (8bit):6.318470816194378
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3wPuvnWuIBAezE3esIo5M++fI/lYjfGFsjL7F9f9tz3JIeqWaGUnfAr5hTD:3wUwAv3FIL++fI/l0f7F9f7z5jqWofA3
                                                                                                                                                                          MD5:306CB62C14A658C9E25B72926B0585D7
                                                                                                                                                                          SHA1:B97A542503E581BA545574FA0C0A5B1CE658F9D8
                                                                                                                                                                          SHA-256:42E2F61873BD8A7F6A03B76C68955A3D0D701313AD773B32AF802240968872BF
                                                                                                                                                                          SHA-512:EFD763788B1D991A7ECEC1B77353C1455EB9376A0D961D4069968C6D5471612329FF88E052806FEB42DD09A01BF7CD82701E010EFABAA53149DC0BDB1957A55A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".............",.. //{0} - Company name.. THANK_YOU: "..... {0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "....",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .....................",.. PROGRESS_SUBTITLE: ".....",.. COMPLETE_TITLE: "..................",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".....",.. ERROR_OS_REQUIREMENTS: "................................",.. ERROR_BROWSER_REQUIREMENTS: "...............................",.. ERROR_VERSION: "................",.. ERROR_FAIL: ".........

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):716
                                                                                                                                                                          Entropy (8bit):5.6123995105579825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRToEwCWHmlva:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9G
                                                                                                                                                                          MD5:00F4E38B48072F3869B60E0D95C2A9B6
                                                                                                                                                                          SHA1:C8CE5CA8F175008CCBEC78275E757F62FE9C635A
                                                                                                                                                                          SHA-256:C2D22278512E32727CB434EA10F23C86AE9C08CAF0AE4DAB02F02FCB1041BB99
                                                                                                                                                                          SHA-512:64429F44AD0594E529C1C4CE9FFB87981790E67BAAF4CA3E704FE13C2BAE720E602E9ED2D74F3E9664A91EC6B3C1524070137732798EB8B4E830996379C3C16D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7915940C39986F4880E6A2FBC9737543635F5A1D110ED6E3AFFDAFAB149C5AFF1703FFC9466951316626F1FBB58178AEBD100D0078DABFC21D0714D0CEEA119F++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):728
                                                                                                                                                                          Entropy (8bit):5.552900854514872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biUvzbkLwT5zxjAHo8wN9wuRTo6NHMxracRckCdXt:7e9SlNLiafLYFv9KO4Z7WIOHo8wN9ZR/
                                                                                                                                                                          MD5:B2C903C076A41A1737DB816018633A98
                                                                                                                                                                          SHA1:FAD0008D1C2D4713239C3D9058685919F656B7AD
                                                                                                                                                                          SHA-256:F525F6EAF3880731B179D85B090C0632DA0D913FC84E5E3F98071AF276259F55
                                                                                                                                                                          SHA-512:95283B3B641A234A122386A6E7D1D8358FD5AC67F1F72262E53B028A5927B12EAF501A2D4E4B45A14014D96CAE69C0E514540CEA80686F1696901E609E14E805
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//514C43E98B794D2AC98CC2A39D1794688A93B8FE872BF50CB063364579F1BEA8C13AEB945A186AC919AC0B33B114C4CDF8877E143AD3B5EDF237023A807AE010++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):695
                                                                                                                                                                          Entropy (8bit):5.549081746702864
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRToEKQw/Fht:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZRQ
                                                                                                                                                                          MD5:D758E0A6DA482AE0EEB46E0B8A65C9CD
                                                                                                                                                                          SHA1:7945EA60F5AFC84819283037B2FF493CB8224C5E
                                                                                                                                                                          SHA-256:14F8DB188A0130B264D3A34D0ADD757FD1BE3C5A5E02E581BC0A9D578F736B87
                                                                                                                                                                          SHA-512:E93EB661D24C40DD2375B521B256EE9F3CAE01868E261B2F4ECA39CF8BE37C7C0120097DAA365B8F5503D0388FA70E8E26E1F795E27E0BA903BC5444FEF2E55E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9F9083EA4FDED455F3A23B016952128F280E9BB91D2498BDFC250400DD82FD928136390AEA869B7A1C014FE3C0760121E9800361A5837B39456C1EDC9746BEF2++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):750
                                                                                                                                                                          Entropy (8bit):5.77117399690753
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRTol6VFB:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9t
                                                                                                                                                                          MD5:1C8FFEDEC34AB60D998C996AC7D55462
                                                                                                                                                                          SHA1:58B78A462590B78A421024E70D4CF89434AA7BC1
                                                                                                                                                                          SHA-256:CBCB9411E7947D6483DF5E05D967C9531AAAA0CA3F233E86994247818540CA5E
                                                                                                                                                                          SHA-512:83A500DDD5064EC74808E28A1544862D47FA42188E0AD57B22E0241529147261DA4AF60017EFF000ADBF88E307A6FA56C78963D73AC9A6B2536E2FD2B9D81D56
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D7F2DA34F1B7920CDF501DA892A6EF4E0F0482D5B374A1842AA59B4D81D84459C21E6F05926E192B86431EBB5037EB33BDA11B0E22308710E9627D7E7BBDD102++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):688
                                                                                                                                                                          Entropy (8bit):5.487912643529434
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRTo/upmkI2uDiSRgC:7e9SlNLiafLYFv9KO4zkCWIoT9ZRRIk8
                                                                                                                                                                          MD5:CC46B4069EB88FCA4183A1802345E488
                                                                                                                                                                          SHA1:06D6CABDCD0E67EBE402C81E12963AA00E04E799
                                                                                                                                                                          SHA-256:ADF2EC9276CD96BAA46E217DCE9586664C7DFFA22986B26596AC985D3E0C3903
                                                                                                                                                                          SHA-512:1DD44483C0ACF7442FE1DAADF0FD3256C1099EBF63265984CEC610F8811CEAE867A1081D8BB8B9B801E08BDE0E8D7E265BA4A36536B0E47FC000E262F23B8848
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//93ECAFC6B6FA905461032E6E8DB4729D2263C0306E689F6F2ED8EBDE9DEEB34B003A93CD10F9DA8B1526F7017FC0F77DFDA6CAA0F0FEE67BE1F16FE012A4EE93++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.5223212774827966
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo2XZwfIuN1gC:7e9SlNLiafrFv9KO40AnWIqgV9ZRFQf
                                                                                                                                                                          MD5:54A4EB2032797DD5698E222029700740
                                                                                                                                                                          SHA1:2F7E07CEB0295F3239CE8F12E8A9D40277CDD301
                                                                                                                                                                          SHA-256:30055D95C0B902C93AA58EDB2743B19D928212C2F7549148E79EFAA99E263BF9
                                                                                                                                                                          SHA-512:C05E874A388172D7CD8921F4C1F9D61AC8F03D0EB53EC4CDB0ECB530461264A948560B949FE6416BEA2077440AA44F0B60F0BB0C19A986F042433E2C141CE8C6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D637B12E35A4ABAF510C98358FC89098EE8C5F537636E86A2E74A59998CBCCEADD062E0D121A282C7F190C2006C9FEF1A0F154606AF95776592B825C8C802D02++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.537604554770778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo6mVa4V9ncmIv:7e9SlNLiafrFv9KO40AnWIqgV9ZR1QfA
                                                                                                                                                                          MD5:AB2324AA7C6A311DC97B36ADA22046CF
                                                                                                                                                                          SHA1:5932FD81A2126A13F7C03910E68744C7F41DE394
                                                                                                                                                                          SHA-256:A7D4654BAE3D149D345A887A7892962793D061C9E755F251A7D19C2F564B939B
                                                                                                                                                                          SHA-512:E538DACA1AED4E6B3273DD1388B7A0FA576CD3ABDF156DCF6C3D816F14B7516711724C77E1C98E2B672981E32558CB7DFE4E4850A634F6C021BFE84BEF1EC267
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1496EF941B55F4BF4FF8C580A2561563C6BC322E226844D8B8F8BACF0FBFDA7F6BA401BFB844DE187768CB4BE50BA3807F79D92D3D499CA70EB86A09479E101D++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):694
                                                                                                                                                                          Entropy (8bit):5.5173328903737
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biO6EGbkLwT5zxjAHo88WN9wuRTo8M9DEXW+A29dC:7e9SlNLiafsv9KO43GWIOHo8Z9ZRnS+Q
                                                                                                                                                                          MD5:2EFAA2FE73F61AAA9575F06A7EE25AAA
                                                                                                                                                                          SHA1:28DB2864BC91CFEC0F615800C7C48D0954F8DE61
                                                                                                                                                                          SHA-256:3D65ACAD9615F07267279B3C6EF547C033D37B1F55E9F393BA5F07149BF158ED
                                                                                                                                                                          SHA-512:57D8821F7C5EFA9B630E3CB0A9CFB51E0A1BC81D8FBCECB0595FA2373B3B8AC488717516EDBE4DF07E83D372E73341BD04A3907745D7AB5C08100FE9141B5E67
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "tietosuojaselosteen",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//592438C477D7D5A0FCDE0A4ABEEC1E61160F3ADB96ED593D2336CB7F85A5D7ED20530ED0297802AE44966CA63AEC0B0D86E87CCF49CB09DA32283990C5157737++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):710
                                                                                                                                                                          Entropy (8bit):5.571075904252609
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRToHcONXKvL+u9vFJ:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZR2Y
                                                                                                                                                                          MD5:B1FEF06E6DB7C7840355CFDC9E66DFA9
                                                                                                                                                                          SHA1:1A72F5525215F467F2687052C1C107143BFBC497
                                                                                                                                                                          SHA-256:CA51CECD55303BF09C0F9E0E8285419EED57BB2E457E906FDC06763F1AABE64A
                                                                                                                                                                          SHA-512:0D3A8FC6D51795EBD7116CF30FE7371A01ABAC64D898045EA8BF1E22C975E2E805B9ABF2B51BCD9B12A10CC56941320869E63A818DBAEAA72764010251757171
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E31462AD7B349988780C04B0BC7C8C4421A8A65C2B0267E5BA72FC3F8BB7278C1889AB97283D655440681525FC18608C9BF44C79B9E6B01A384AB197AD90FD4C++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):710
                                                                                                                                                                          Entropy (8bit):5.544187033409281
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRTompOE6pzxcgRg:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZRHN
                                                                                                                                                                          MD5:81FF80E529C769AECE9D98592D14A500
                                                                                                                                                                          SHA1:88D9EC34A3852BB8577FDC4ED89AD71A79862F5C
                                                                                                                                                                          SHA-256:98DDF02B185AC2036F8EBBB6ADF9C7B4FA14FC8CA9FBD19B7FFBFEA3770977F4
                                                                                                                                                                          SHA-512:24C932AD5D51E1B014E8BBB5371104884EC3A20530F8D6653F28D6F52F2571A2ACDF70D803EF12FA7D974DD3907632676F0BEBA0CB679D46E46D3AB7B9B3CCE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6272E90B87E22993E4A9C7AFBD1EA5F6E826D3D603124F3F6DA42CB6FD6A7CA04857CE3220935E918503D17C26ED9CE2AD48B2A2C83030EBCF9BE923DD91B71E++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):703
                                                                                                                                                                          Entropy (8bit):5.5270598050887205
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo4jRF4zOAkE4XG0:7e9SlNLiaflv9KO43BoWIVT9ZR774zhK
                                                                                                                                                                          MD5:7AAE3B6206C930CD459C11C26F120447
                                                                                                                                                                          SHA1:9B5AE66FBDE3B0E7AD58C1D69A7DAF40AACEDC67
                                                                                                                                                                          SHA-256:8DCD9C2FB5873BB4F522C9E8209A0CD93242C1B1B47EC53166E2E03355668E1D
                                                                                                                                                                          SHA-512:47977AC2A48626E4500E7E8A84E9843FF2C7CF5CC403AC58629B13D0DFA288BE320A48436332D0AC2FEF97D7959F14BE2DDFBB50FA35516C03070E56A694DDA3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C5921FB8FE54F0C9BADA85486599B32A165D30DEEA2DDBC8609E4045DAA88AD032F6AB1D073C3AEC92DB86343CB0733C39A62CA3F84D756E6E086481CE8F7AAF++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):699
                                                                                                                                                                          Entropy (8bit):5.578115457562142
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRToXaaMM:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvw
                                                                                                                                                                          MD5:BEB5960C719B090AA684968F630B674F
                                                                                                                                                                          SHA1:30F3214BFE12A27A84BDC14446F4F57AF96E46B9
                                                                                                                                                                          SHA-256:3851B97C8DBCFE1A9E85AB1B712E3F4B8388BFD7EC665211C83D66A59C5A8772
                                                                                                                                                                          SHA-512:33E3874AF7AD6186532F1B5EC90156287C3D73837183EE4934D7919AA8A43145DFC6413840782E759E8B65211673AE3A8794DA424EC9B565875CEA709D6AD17F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D63EE19641986D9D825A8C5134A9CE24F11402D1E1B0E33B2454ACB50E4A62EF5E0C8E59D2ABEA7BF41C597CE801D9CE9A00D9E4A4FFA823C7789863F9BE63C++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):697
                                                                                                                                                                          Entropy (8bit):5.505876168763784
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNp7mbkLwT5zxjm79wuRToSj0hWSWzpp+8:7e9SlNLiafVv9KO4apKWIo79ZRXPzpg8
                                                                                                                                                                          MD5:A14208DB73B39365C4D6C838776981D9
                                                                                                                                                                          SHA1:FEB20B19EF9C58C6CC10914A9E139ECC617D91A1
                                                                                                                                                                          SHA-256:E13248A02CC9BF468A097DBAFF0BEED57176284BD10E431E4005C525B91C8618
                                                                                                                                                                          SHA-512:53A3E81DB1AD91A64D281AE089C8AB4526873D7A1EBBA27C93146320CB132160EF7441DDECFC715C2F28F5901E74E9B1EC02116C247C287458AE4F7DD5899373
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla Privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9D53CF31538C018BAE126DDA881FFD6C157AD09EBFB4BDBA389AED758E33FCE052A61F8F331AEC363DAE8E19DA957FBD41B0D08A44EBDA2D4CDEC8D669091087++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):808
                                                                                                                                                                          Entropy (8bit):5.7409373263357235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZR6Ued3:K9fLdICdfA49XLAWIOfUHFKdd3
                                                                                                                                                                          MD5:28B7739A421835EB9CD88B6013D4E689
                                                                                                                                                                          SHA1:DCF2CCD130415AC7F2C45E4495AAFC5EC976B058
                                                                                                                                                                          SHA-256:0C69D07D25EADA8203C4207A619F31992E1EC223D9550E645E2780C4BF3C29FA
                                                                                                                                                                          SHA-512:501684FDD4B4569C5BFB7A4F7E4C32B7FD8272E2B4961958F64B03E6B74D5767E19E17133F43A3CE5ED4DD932DE509C96C2D57F53B8C60318F03AE764A86EE0E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//26438DF7DDD1B7091ED260C5751D4A077CA382594D057744E7A18123A105135A5502DE2EC8D32B83E5301B99F1BF5EEC74B00DEF5B1B21DBF4CDBD9CC6109029++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):742
                                                                                                                                                                          Entropy (8bit):5.82878368970307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToa+g/N0u+Ho:7e9Ed13isnfVtv9kc4sWIViQ9ZR2gl4I
                                                                                                                                                                          MD5:53F240755A3E1938272249CCF8BD05D7
                                                                                                                                                                          SHA1:770F628BB772CC9461CF3D234E061EA4D810B119
                                                                                                                                                                          SHA-256:51DCD424DE086E10A9591AB85F830A8F466108F9DBBAA4B47A6DBAFB04BF2986
                                                                                                                                                                          SHA-512:54E1024EFC0B118C78C2406FB7D92E9794A241CBDE0D122957CC2C0C9628B443EE3EB7BEB916C83AD6BA7E8A706BFC8B7A78513119902A867A3728938EDE2A50
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//277BE604E32720DCF4BFF19AAA4CE10DDD8BABD440063659C78111528AE8B9281D266930182575EBEEBD256C8A040C4507A85B56B99FD882D9F3380D6FDEEA77++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):696
                                                                                                                                                                          Entropy (8bit):5.566757432761514
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToQMLVXQQgAe:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRtMA
                                                                                                                                                                          MD5:13FAE2BC4589EEB043806433697F4963
                                                                                                                                                                          SHA1:3D8CFA01762AEE740AA79236BADF9377275C8056
                                                                                                                                                                          SHA-256:F566A0C874B6497D4062F50ED554E5B997E4802E3B38AE70F59ED5787E39ACE9
                                                                                                                                                                          SHA-512:0A9DA7FA70D04D7AB53E4B7965EE8B6985BA1B2F6B2BACDFBEA92958ADAED25DC469BF6CA81B17BB75F53D3F5E39EFC3828984CC2346D1AFA6E6DAD14F364025
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E6C0634EF860473E5E1AC5DB56979665B177B654AF315AE120E64100E5693F76AC7D9890274062266625FE1B3B2BE60A8D8495F7A38F8C8C5EC99648483D6C21++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):746
                                                                                                                                                                          Entropy (8bit):5.619956078029764
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biKGCEnbkLAWB2CT5zxjAHo8CW9AWB2CuRToJI5rcn4:7e9SlNLiafyv9KO4TGCEnWtB26OHo8Cb
                                                                                                                                                                          MD5:92F19DA62297C36C9E535BC5BF8B2F61
                                                                                                                                                                          SHA1:4BACE2C47E227ED1FEA94EF2712745FCC7F17E2D
                                                                                                                                                                          SHA-256:55CA92573C4E375DD2036798B34060BB822CB3B30396806A414539B5BF247474
                                                                                                                                                                          SHA-512:7B8F12E39550B6ED65D50606D4CA8D8D52252D0527FE62538F1653339E3FCD36E16F096391D63A1A0A2FCCA1C210F16D0E79EDC0F66008D3BB0F8F12E20A69A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//85B81632B31DF611B6DB04A1F9D62E994290E36CF52C98D4DBD8811EE052DF144CC11541848F2D1C2C3DB510126DF77205BF71332EE9E5CB31D881E9C857B245++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):709
                                                                                                                                                                          Entropy (8bit):5.575958834672549
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRTo/xumdtLwnVC7dTN3:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRi/
                                                                                                                                                                          MD5:0303083C987D0942CFF17CE9D0027E93
                                                                                                                                                                          SHA1:FF1E0146514A442652002DD534A41046937B5914
                                                                                                                                                                          SHA-256:56188A2ED3326B0860D9CF76D6961CB643FC1A2F93E2FFB4DA2ABC0FF8640116
                                                                                                                                                                          SHA-512:ECC7AB3D3F27CB2383AA8C49F86F6C6BFA1027148997D4F92825D9B730641D214C95C0BE924B71575B1395A61267F34CBA6CF27D13E2F8D9EFDF753E6749C76C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//2B110267F6341264500B29DC41AFD0C0D54141C5440DF4870008641509E32199642C5F03BF1696B79BA1C750119560BDEC726C2E3E852CCC3A6285FD7890EE61++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.549994684984163
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo12WFze9jTXEPvOun:7e9SlNLiafBv9KO40HWIOHo8K9ZR2Mt6
                                                                                                                                                                          MD5:801B89861183733EA35C952F78618985
                                                                                                                                                                          SHA1:E32C18AC6CA2B460C09759604CFC012AA030C03C
                                                                                                                                                                          SHA-256:95115CF18EE1E1A4896B08DBA7F24D012FB1B019215F86EC0FCE99141DEA9EFB
                                                                                                                                                                          SHA-512:3E0654E78080E2B6C5FF461F9DC4F85AD29D19754DD46880E80A4208E134CE2D5B6E449F9AC65592DC2BBDC2B7E44234998F0F7700CFA1E0218851FD5EEF5531
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//38319A37158F74349C56AE780D2FE1EA74369BCF9BF2139B6E7E1F6356EE6BF27E0781B2EC874623B3ACBC61CBD4F20A336E5563F143AC8483FE50230576700A++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.5619311609747175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4biHfHbkLwT5zxjmkf9wuRToePiIUngpgph8kWhuGCs:7e9SlNLiafBv9KO4ofHWIoK9ZR1BUkvt
                                                                                                                                                                          MD5:0826E1B34CD2718A14E67DB7471FEFF8
                                                                                                                                                                          SHA1:466CF995CD7E7673DF269E4DA917833DECFDEAEF
                                                                                                                                                                          SHA-256:E84BDF8D70A4D9032B2ECD3B2920DFA245E4420A1A05D2681A661D358D6804BB
                                                                                                                                                                          SHA-512:041E3F2164BA3C67A4F306855B59AF7BC516AFCEADD315FFE8E28A573CF2FE2DFD1B8F62A2C509ED85D9D24D95D56EEEB7D22D10A5CA007BF13A24F069089031
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//62715013ADB65289BD1425F49A9D44B5CF85BB826081DA7BECE9C3AE4217243A475EC1084D7F31910504181A52A7F7B35DA37012AB7F3002AE77CF8DF6F40CC2++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):751
                                                                                                                                                                          Entropy (8bit):5.755930371819692
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf96v9LuO4bi4epiXbkLwT5zxjhKgE9wuRTowy3NvVknWaZpFkWc:7e9SlNLiafUv9KO4sWWISt9ZRmvVknP6
                                                                                                                                                                          MD5:CB17FD8DACE0C83B800F99F280D52A63
                                                                                                                                                                          SHA1:337B214690529E33BA2294A73E957F6D608788B0
                                                                                                                                                                          SHA-256:04271C792B07D7C0AA35385B55D51D3CD95398588C2F45D934775E669BB183AA
                                                                                                                                                                          SHA-512:6C47919977A192326E14B13C58CBF056901B12CC03B4C22B15D299E0D7538F49C21873E0A744E77924492468EA4F7F42FC42DBA610B24872DDEA397AE4539CD8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//88620717E9EE799EB8AA7F2E1760C2014F35B651171979FE060EC65AA5F267F05ADEDAC3569FF2A423984079CA92354D45A0F0554C8443802E3B39E48FEC628D++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719
                                                                                                                                                                          Entropy (8bit):5.6102161711105865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToS+Y4nU:7e9SlNLiafNv9KO4uWIOHo8+9ZR8Y4nU
                                                                                                                                                                          MD5:54082BF3A6B20F715D94808EF1951E71
                                                                                                                                                                          SHA1:B338216AA1F573D6F3EE14D26A514C5B9741C3EF
                                                                                                                                                                          SHA-256:C291BC36DF5BED83B96AC1A20B18B1B26A50035BF78B392A87A8205AC3EF169E
                                                                                                                                                                          SHA-512:126630161BD3266CAF11661A20AF0662EAE3263CA0D489CDF1B03796F2C732BABD865A37AE7B143ABD8EFA6AE1CFDD928710F33008058D22E8C153EFD8AF39E6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5624C53BCE8EA93E7C318B6470C5FD2BEA3CDF9448B5D8D70C5A88356E4684C1840F2A24BACB9BB5EC460482E3A6AD71B85856879DC16C66C82BC35A4E3EF13B++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):706
                                                                                                                                                                          Entropy (8bit):5.554327092493012
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToojRkm5e4eRgiX20qdSh:7e9SlNLiaflv9KO4cjWIVT9ZRnfeBg0X
                                                                                                                                                                          MD5:0C9AFEA80408DB59A843AAFA6C0BC23C
                                                                                                                                                                          SHA1:D9BECCE27AC0CC8ABD9DABB30EE7B23618CA7E7F
                                                                                                                                                                          SHA-256:F3ED198C41D3CDA9E9C973CE8C69650A2D66F8A496822AAC76FBBD4B23B779F9
                                                                                                                                                                          SHA-512:34C1977CEABEDA559AAD30E9162D3C4DEBCDD852EB3B79EF137739430479CDD0B6054D56973EECAA13B184596C42CB987DA26ED37D34DF34B7E7C8AF4F35D7CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1A84BCFAB89E78FD65597DBB6DEDC6ECA87B05E1F9B47ABDC62D1AD910BA86893B1F3895942A45176464D7D9FEC7BACF6A8B07D4191E028305DAD41F83806930++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):690
                                                                                                                                                                          Entropy (8bit):5.513710902007872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTofn0mzpNlBFjhoepkhn:7e9SlNLiafLYFv9KO4JGWIof9ZRcn0c+
                                                                                                                                                                          MD5:F70671A24786782017CD814AC6AC72C1
                                                                                                                                                                          SHA1:26F9AC77B1764AD13371B720A92F3A15158BEE40
                                                                                                                                                                          SHA-256:CD852B915D12B12640D3E5197CEB2D464A1B495CB78A3B6680C3F09EAD0ED91E
                                                                                                                                                                          SHA-512:AB57130DC2E669B486BE710A98AC90F37D0C27970EF2CE12D6F1ED2A544103AAD0FD166373A8D76F2E62B8A506233A4FCB5DBFBCCFFE3B4B85D7259E470C4E9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F9E40AAC3AB58D47F27C4E63326E01B8315CDD4E1995A9F361D05DD7B20E79F8EBE2F210A12CF91EBE35A4C492EF923C7A37BEBD67F790E5AA02D49BB75EF0EA++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):696
                                                                                                                                                                          Entropy (8bit):5.545555209314935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToq8TMJ81S1oQtZvrgn:7e9SlNLiafGv9KO48QWIuv9ZR3qr
                                                                                                                                                                          MD5:6968161BAA9545B01DDA30AF5FB7A36F
                                                                                                                                                                          SHA1:7E78CE16FE43653B060C217ED37A1CD65C38CD04
                                                                                                                                                                          SHA-256:148E55B8F85C7837B17520E2100AA5C2A8F956FBEACB18E84876F7C12A98C654
                                                                                                                                                                          SHA-512:2B47FD43A6BE7701B6EB24174EEB78251E194EE8764B04F0CF53CB33C063EE08DE6D535C1CD2033FCEBF36309E3797C76139014D4A2EE5773EF076DB6DFF77BD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//8776C33924D3DE44C8ADF4713EB85340482CAC0087E39DAE7CD3D05592F58E39FD4C4D7E36F383819137D5CFB5EEA1E8CE9717243D9763F93875A3834861584A++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719
                                                                                                                                                                          Entropy (8bit):5.935688545805366
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSuKxi7s6kfF6v9bgbi5ywbkLwT5zxjtDYv9wuRTopfLfT7XbP7:7e9uui7s/fsv9bg4ywWIv49ZRufLXbz
                                                                                                                                                                          MD5:80C3F7CF329979756A2483C61FDC94E0
                                                                                                                                                                          SHA1:4D789234D75ACF3E6876C742D7E4B2DB660E15A4
                                                                                                                                                                          SHA-256:77888F083FA21B5CFD2EB5CBE5C6407A7421BB04D76F127F49DD5BD426D1C572
                                                                                                                                                                          SHA-512:4C2C012A7D27C2C0DE54B1650D24AB7C909A871CEFF1410D1E2EB3BC9F8783F8928F812813D970AEA92D7989CF669771B7FFA18431A3132510D4CC459204D81A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "......",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F6E98D5300FA7FAC3CDBD26ECC83D725DB0761530427BCE04CAF85A01F83E6368A59F8EE59AAF5009800F25844EFB5700CEED010C18D0F0F99E2C31715A94B21++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):694
                                                                                                                                                                          Entropy (8bit):5.6689804706681635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToar0jJ5H91/f:7e9SlNLiafsv9KO4d1WIG49ZRhr0jP/f
                                                                                                                                                                          MD5:5BC62AD32578785B4E38CC765AD01B86
                                                                                                                                                                          SHA1:388C382BEDA295EDAA6ED522EFABF3F4F917976C
                                                                                                                                                                          SHA-256:888CB78E02C9F494C4C43B93D35379125379F52DD5EFCB9EF93B985142A2A710
                                                                                                                                                                          SHA-512:4DD4107512C06F65816C0926FA7E35BE8DEF88923C5EC14F3FEF175D579163BF1B8DFD73B3921E684F038B82B6D45D1BF43705F0BAAC266F3FF0EFAF33CAE0C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3BFEE6F1AAA6203888EACD212AA6EA71B5BEE9F5E25B2EBFBF7067F80AE1F91149DA1C89745A5D6C58244D823622DBDAD484EB12F3CCDC2A6A8C7775DA7229D1++

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\l10n.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 259320 bytes, 513 files, at 0x44 +A "\l10n.manifest" +A "\jslang\new-tab-res-toast-cs-CZ.js", flags 0x4, number 1, extra bytes 20 in head, 39 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270016
                                                                                                                                                                          Entropy (8bit):7.936612208642757
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:54vC5RltAOux9/RAVX/xTAOSOTZ42dNIoaPTCepCSVhoGIsMfhRMj8vAlx2FL/ih:2vMRl/9xMOPbsVbCepzwfEf2xiLLZ
                                                                                                                                                                          MD5:4C8E546D932FC567FA9A68C82F938E6E
                                                                                                                                                                          SHA1:498A252C3B26A6F3FF91CABA13FFEBB31AEB0298
                                                                                                                                                                          SHA-256:BC88EE7B453E250F66B4FBD42BFB76176AE98A30583742302D26477E3D422206
                                                                                                                                                                          SHA-512:B94D33BD7E2D1601C2A707014454B15BE8105C95460F9C78BEE766A0415FA30B8FE63D2B179F906B5E5C9B0BD50E70E04EEDBFCDFD1D1CA35DD1A8207C9E6860
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF............D................................)...........i..'..............YOq .\l10n.manifest.#..........Y.p .\jslang\new-tab-res-toast-cs-CZ.js.#..........Y.p .\jslang\new-tab-res-toast-da-DK.js.#..........Y.p .\jslang\new-tab-res-toast-de-DE.js.#..........Y.p .\jslang\new-tab-res-toast-el-GR.js.#...!......Y.p .\jslang\new-tab-res-toast-en-US.js.#...D......Y.p .\jslang\new-tab-res-toast-es-ES.js.#...g......Y.p .\jslang\new-tab-res-toast-es-MX.js.#..........Y.p .\jslang\new-tab-res-toast-fi-FI.js.#..........Y.p .\jslang\new-tab-res-toast-fr-CA.js.#..........Y.p .\jslang\new-tab-res-toast-fr-FR.js.#....".....Y.p .\jslang\new-tab-res-toast-hr-HR.js.#....&.....Y.p .\jslang\new-tab-res-toast-hu-HU.js.#...9).....Y.p .\jslang\new-tab-res-toast-it-IT.js.#...\,.....Y.p .\jslang\new-tab-res-toast-ja-JP.js.#..../.....Y.p .\jslang\new-tab-res-toast-ko-KR.js.#....2.....Y.p .\jslang\new-tab-res-toast-nb-NO.js.#....5.....Y.p .\jslang\new-tab-res-toast-nl-NL.js.#....8.....Y.p .\jslang\new-tab-re

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\logicmodule.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 1590193 bytes, 2 files, at 0x44 +A "\logicmodule.dll" +A "\logicmodule.manifest", flags 0x4, number 1, extra bytes 20 in head, 139 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1600889
                                                                                                                                                                          Entropy (8bit):7.99971035478572
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:KWXPgoXVPxkdAh2E2dwWj9Y+GA0cGtaPNxDqKchRBvLObiVPdsQI+Wn2ud:dIyPxk62dKA0cqQNfchvLvlsQI+E
                                                                                                                                                                          MD5:5CABC7883BB21C8BFF60D53E0EA36BCC
                                                                                                                                                                          SHA1:F70D4B8CBE253A7B9EC24F3763EC6FA3878EBD6F
                                                                                                                                                                          SHA-256:FDACD53DDA248588C1C33BD9292727BB489C3607155CE27362CB814C13496E9B
                                                                                                                                                                          SHA-512:009AEACAF6C57E533CCCF37BA62F8188BF183EFD6B57676A4731A001F1AA8AB657C731F0BB339D5A50EAD8D2194EF4048CD64A573BE03E230DA55BEA5098AA6F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF.....C......D............................C...)...................LE........YLq .\logicmodule.dll......LE....YVq .\logicmodule.manifest....3(+..[...9 .....@T.5........K...u.Z.U1......4,.v..".X.C......N..h.n...6Z!.a......Y,.".D.4CeX...W.w.w...........V..R......7..rXv7...*../8vs.yc...$........qz;...*/.1Pw2.$.....u$Fo......"^.x.... ...*.H....@h...h.j......g.g.|.N..K..M .h..D}.5.+.b".p.?W..wZ....z..l...b{.,...Y.r[..0..T.{.G{.....W....W......w.._..t.j.+W.~..{j....~j..ZY.......Myzs...........o.B|..*.....x....&O.?q3..Gu....,s.H1^.[..........h..t{.$..J....X...........m....&...U.z..u6.......^.J....l.K.....j.:C.[...~.J...F.......C./.gYS.s..;.>..=k....z.l_...<{.c3w..........9.....S..;.K....c.:._..O.,.4G.W/..............V..?./....n..z....\.....7..e..&uw.N.......}.....S|...s..Z.......>.f.Hz.....g..i.Q.[5.2.-.ek...m}.'.....\On..n|}...}...........1....~......1..T[..38*...X..v.*..>;.r...5+^.|`.n......./...-..).6..*.j.K..=..pH....4. ......j..o..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\logicscripts.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 43684 bytes, 25 files, at 0x44 +A "\logicscripts.manifest" +A "\logic\aj_logic.luc", flags 0x4, number 1, extra bytes 20 in head, 6 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54380
                                                                                                                                                                          Entropy (8bit):7.967541093183867
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:+69/cpr6gUcdL2uYcTaCRy6JT52f7gVPC2hSDXeNXJmZWP6jKoOh2Psc2EPZ:+sgUcdLuCIKTk0ML7eIlK7c1Z
                                                                                                                                                                          MD5:947535D9D40C5D9449ECD7D013DCAF9D
                                                                                                                                                                          SHA1:B3334CE8B2A03A390E4A8ACE1050909D2AB720D2
                                                                                                                                                                          SHA-256:F7B7CAE20366EBECEA2C85FDBC4414D68825351EA1863F60884CC0FB37301E87
                                                                                                                                                                          SHA-512:CEE30131D4A15ECF63B305480FD989E0B07D3BB82D25AB42D5AB408574DEE1237247A506D813432C4DABBF27629A8EDBB6433B68CE841A657AD6ECC21B77494B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF............D................................).............................YWq .\logicscripts.manifest.M..........YWq .\logic\aj_logic.luc.....9......YWq .\logic\base_provider.luc.....E......YWq .\logic\edge_onboarding.luc.v..........YWq .\logic\ff_monitor.luc.@...w;.....YWq .\logic\logic_loader.luc......F.....YWq .\logic\miscutils.luc.W&..~[.....YWq .\logic\oem_business_logic.luc.}.........YWq .\logic\providers_selector.luc.....R......YWq .\logic\ss_logic.luc.....Y......YWq .\logic\tests_logic.luc.f...P......YWq .\logic\type_tag_utils.luc...... .....YWq .\logic\usage_calculation.luc......(.....YWq .\logic\oem_utils\affid_monitor.luc.0..../.....YWq .\logic\oem_utils\oem_util.luc......1.....YWq .\logic\oem_utils\oem_utils_wps.luc.Q...KG.....YWq .\logic\oem_utils\oem_utils_wss.luc......P.....YWq .\logic\oem_utils\oem_util_selector.luc.>...<S.....YWq .\logic\providers\bing.luc..F..zi.....YWq .\logic\providers\yahoo.luc.t...[......YWq .\logic\smart_toasting\smart_toast_config_manager.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\main_close_large.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 13 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):440
                                                                                                                                                                          Entropy (8bit):7.185064395828422
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7Jmynud+EVDvBXmY5j9yEhcZxAalEbKWwz:vyGbVDvxJ5alnWwz
                                                                                                                                                                          MD5:3F33BF7A71F1A94B30AD98121F2DC31F
                                                                                                                                                                          SHA1:533B933BACBAE375164518AF202EB90086BEFC44
                                                                                                                                                                          SHA-256:4D3581315F5AB93538BEE793BA9727FC9E8444E9B09773566C4BDF0C44618828
                                                                                                                                                                          SHA-512:4E768ABACB878A5F9BE79B91E9BC77778F62AA4ACAEC4A246AB3359E86FF685250A1BA9E7765CE5174A42E5936CFAC27CB381B505F92F30EBF4B43806848899C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................sBIT....|.d.....pHYs...........~.....tEXtCreation Time.10/1/14........tEXtSoftware.Adobe Fireworks CS6......IDAT(...1K.a..........+ht...".96..\....M..f..9........ n....~.KK..o..~..g{8.:...I..D%...^..6V......w<K.......z.?..dk2..p.G.U.&...?..U.].m.O....L2.o.`<,.....k....|....L...Q._.<.....?(...[...lW...O.6....Z....r.q....Nr..p2.d._.w...1....F.....@..x....x.X..T./.H..w./.yrd.......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mcafee_pc_install_icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2052
                                                                                                                                                                          Entropy (8bit):7.890065571351557
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                          MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                          SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                          SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                          SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mcafee_pc_install_icon2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7205
                                                                                                                                                                          Entropy (8bit):7.9471260512499375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                          MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                          SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                          SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                          SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mcafeecerts.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (2293), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):126293
                                                                                                                                                                          Entropy (8bit):5.969613768259596
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:sY+8or+sWZ21Wzwtp31uRla7GTvfwjBobALAnr+sqDK7G3lq0lAE:dcPsjO31ui7GLjA8rPqDK7Gb
                                                                                                                                                                          MD5:D0CD30BD9B02F33B222FF8A846821D4B
                                                                                                                                                                          SHA1:DA85556707CB3FD59E08DF69017DF6BB82E52F62
                                                                                                                                                                          SHA-256:1CC3969AEF3DC3DC2330DB0386C6C27C09A58D078689D8D97D900A2B9ABE31A0
                                                                                                                                                                          SHA-512:6C1F9DE0897F02648638B26F20728C5F2E9822F8CAD232ED42ACC18F33AAE7E102C7A00E5D42B80C10E423DB937DC6AB783255342B12B0DB07B378508886C2ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" ?>..<Package Version="1">.. <Certificates>.. <Certificate Name="McAfee Trust:0">.. <Privilege>PRIVILEGE_IOCTL</Privilege>.. <Issuer>Microsoft Root Certificate Authority</Issuer>.. <Subject>Microsoft Code Signing PCA</Subject>.. <ValidFrom>20060125</ValidFrom>.. <ValidTo>20170125</ValidTo>.. <SerialNumber>6115082700000000000C</SerialNumber>.. <PublicKeyMD5>4A171B7E5701870357585DD1BAAD752C</PublicKeyMD5>.. <SHA1Thumbprint>FDD1314ED3268A95E198603BA8316FA63CBCD82D</SHA1Thumbprint>.. <Data>MIIGgTCCBGmgAwIBAgIKYRUIJwAAAAAADDANBgkqhkiG9w0BAQUFADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYwMTI1MjMyMjMyWhcNMTcwMTI1MjMzMjMyWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQDExpNaWNyb3Nv

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mfw-mwb.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 10171 bytes, 6 files, at 0x44 +A "\mfw-mwb.manifest" +A "\packages\mwb\mwbhandler.luc", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20867
                                                                                                                                                                          Entropy (8bit):7.877341631586747
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CwziFKbAJ7q4Zolsgy3SpfLbZMeV7E96ki29d1ikEpTSJIVE8E9VF0NyOOj:CVlJOnqtCpfRMu442PsnK2ET
                                                                                                                                                                          MD5:1BF5917726859D01723B7C7D0C8E3401
                                                                                                                                                                          SHA1:983057A862D666936D66C869ACFBD36BD834381F
                                                                                                                                                                          SHA-256:FA356D5E1E483A5529B38A7AF7BA9D4E334A04154C2E4FA9DA77B1173CD238E5
                                                                                                                                                                          SHA-512:E8D9F74BC23F2625BBCBEDCBFFF2E2C613EDD83670E8C59069F3C790DA1004EB24AEA9148ACBE3BFDDD881466CAF587634219287D2C8F4A60C6BBB41BD30D44D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF.....'......D............................'...)..........m.......W..........YSq .\mfw-mwb.manifest.....W......YSq .\packages\mwb\mwbhandler.luc.3..........Y"k .\packages\mwb\stop-video-alert-icon.png..&.." .....YSq .\packages\mwb\wa-controller-mwb-checklist.js.^...%F.....YSq .\packages\mwb\wa-mwb-checklist.html......O.....Y"k .\packages\mwb\wb-rocket-icon.png...d"F&6Q[.....`...A..#..O...T.C.2...z..(QW....Z.j..$..C.;........_..|G..|..D...f........'.........K..5@....ZO...E....$.w}m9..}............5....^..Ma#..F;..[VcK=. ....... ..4#.Ef....n.n%......v....@.h@./..!....qr..8..A..,?.J@"..&n..........Q..._a5.x..`ri..8.&..P%..0...D...4tj`&z.I...#.[...D.0pG|S.3..w..".A...x....$m.A.......W.J.0B......R....&..UU.a@.? ..4....\J..{^.....'..9.eu.]2.k^..1.u.j.-....39.Ky....X.G..l.W..J[~.~..v5d...r.L.7T....y...-&....(...<....{.Y....d..&l.`...b...)p....}.....h.....=m....s.0#!...*w....sp.../..V..d.../.O...e.W....c>G.......f?=p...T~..{.y.Ec+......*... j.d......ET,.2.........9.PP$...

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mfw-nps.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 12420 bytes, 6 files, at 0x44 +A "\mfw-nps.manifest" +A "\packages\nps\clipboard.png", flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23116
                                                                                                                                                                          Entropy (8bit):7.897449731737562
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:9VwGeUVwizXYr9+6UXn9BXBg5Tu5zTOXI6ki29d1ikA1I2SJIVE8E9VF0NyaA4LC:9IUVwiziO5i5TaS72PsP02Ef4W
                                                                                                                                                                          MD5:E7D9075EE9B4A0DDD5E37997FED5BA32
                                                                                                                                                                          SHA1:3AA715350F76B7751625121D80C5DF61625435EA
                                                                                                                                                                          SHA-256:64AF2D604765B508C310E44477543954F797CD876813D1AEDFC1308980D651AD
                                                                                                                                                                          SHA-512:586FD1EC9509206F970440B94C3EC6D7AC1A11937B6A1749D0475812473EED79ED283D3BD977073274BD02D30703A002CFE0D12D69D293F61F6EF24C82829E21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF.....0......D............................0...)..........Z.......P..........YSq .\mfw-nps.manifest.k...P......Y"k .\packages\nps\clipboard.png.-..........Y"k .\packages\nps\info-16.png............YSq .\packages\nps\npshandler.luc..e..{/.....YSq .\packages\nps\wa-controller-nps-checklist.js............YSq .\packages\nps\wa-nps-checklist.html.....P*..[...............3.7.K... ^!.a...7...J. ^.....H.%..... !.........+.x/$....^%x.....J...My.s.[.F...'..{.p..A..................T...%.u......m.fomdl2sn..X[.....<.P....)...&.*.729......j...}..q...86.&.../B@...S.....zU...x.....jd.h.....C[;#.C/.l..g?.c.}1b!US3X.:av.?......<..>T..T..o..FA...'.7............w..|.!. .a..7-s..5...i....q....>.l..|..m.....4.;.r#Z>..#.../w.;.........7............nhW.j.}.k/.Oq...B;....4....~..9F7._~.*.Y..\.....8.._.l@.......;..?..g...E.~..3....;#...}.?.i2.m..2......._...B.....~x.]........>.N.N..7.(.7.;.......|..M.mh.h...K....../.~."...;.@;CM>L.@.|....). .@..=........... "...&?@..5.......

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mfw-webadvisor.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 778438 bytes, 176 files, at 0x44 +A "\mfw-webadvisor.manifest" +A "\packages\auxiliary\reset_handler.luc", flags 0x4, number 1, extra bytes 20 in head, 91 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):789134
                                                                                                                                                                          Entropy (8bit):7.99497056267783
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:qDvsTrmwn5S+tfRl6ZCFpbWIEQXUdMUcTZfmI4l+YonCgFRGyAytbg/QYcBeJbp+:q2pnBtfRk4FpbHGdMUo+6tFgbSb7BeJU
                                                                                                                                                                          MD5:DDA2017CC752902D620249ED1A22B205
                                                                                                                                                                          SHA1:327E24CF04B28C5EAF3DB9F2E05EB2AB9FBB8DD3
                                                                                                                                                                          SHA-256:C0B41A04E5FA665C31FB12BE474DDAD97EE2F470C3CC5633C517ADAB50BF3CAE
                                                                                                                                                                          SHA-512:CDC2226D7A12D536AFF17CEE663B11625A2C21997BC22E5270F1D996C284D6D94D7F7A2766672DBD7C60EB494ACC487EEFA5868CEE8B3E51782FC2BC89FAB865
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)...........+..[..............YQq .\mfw-webadvisor.manifest."..........YRq .\packages\auxiliary\reset_handler.luc............Y"k .\packages\builtin\balloon-arrow-right.png............Y"k .\packages\builtin\balloon-arrow.png..5.........Y"k .\packages\builtin\card_bg_image.png.8....L.....Y"k .\packages\builtin\close_icon.png.T....N.....Y"k .\packages\builtin\dialog-balloon-logo.png.....aT.....Y"k .\packages\builtin\edge_close.png..I..ZU.....Y"k .\packages\builtin\enable_ext_guide_ss.png..R..E......Y"k .\packages\builtin\enable_ext_guide_wa.png.d4..!......Y"k .\packages\builtin\enable_sideloaded_ext_guide.png..8...&.....Y"k .\packages\builtin\keep_changes_guide.png.W...J_.....Y"k .\packages\builtin\logomark_white.png......`.....Y"k .\packages\builtin\mc-logo-tm-bottom.png......f.....Y"k .\packages\builtin\mcafee-logo-1.png......l.....Y"k .\packages\builtin\mcafee-logo-2024.png.EP..Xr.....Y"k .\packages\builtin\open_sideloaded_ext_alert_guid

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\mfw.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 299121 bytes, 53 files, at 0x44 +A "\mfw.manifest" +A "\core\class.luc", flags 0x4, number 1, extra bytes 20 in head, 33 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):309817
                                                                                                                                                                          Entropy (8bit):7.9964591281715425
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:4PsfJaOdO7MsIVUqqDNRv2I13E7ZySrD1bHcEBa6Xc3OuV/b8W/46+T:vxE70VUXpRvB1UNySN8EBa6XMOuVj8WA
                                                                                                                                                                          MD5:E47EFBAA8572C26C8040AAE2738B246F
                                                                                                                                                                          SHA1:4DDB1AF4A2019BB459C0E71CBF493A4263FE08CA
                                                                                                                                                                          SHA-256:7FB7B0BE4FCC462DCC5FDE645B870694DE354CDA990EA4BD66B9EE8506701FA5
                                                                                                                                                                          SHA-512:171A9DBFC69ED456ABF20074696CE684B3BAB40447F90E549729AF010A6AEF0A211232F2C68BCD08D8585D3F223B254514F72E71F16EBFC245056649EA8FE2EA
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....q.......D...........5...............q....)..............!..............YQq .\mfw.manifest............YQq .\core\class.luc..'..H......YQq .\core\dkjson.luc.....B2.....YQq .\core\handlers.luc.....M;.....YQq .\core\init.luc.2...ND.....YQq .\core\json.luc......F.....YQq .\core\logger.luc.....;I.....YQq .\core\postinit.luc......M.....YQq .\core\priorityqueue.luc......R.....YQq .\core\triggeracceptor.luc......S.....YQq .\core\uiarbitratorhelper.luc......b.....YQq .\core\uihandler.luc.u...ng.....YQq .\core\uithreadexithandler.luc.Kw...k.....YQq .\core\win32helper.luc............YQq .\core\utils\browserutils.luc.r..........YQq .\core\utils\common_utils.luc.c...S......YQq .\core\utils\packageutils.luc............YQq .\core\utils\settingsdb.luc.}..........YQq .\core\utils\stringutils.luc.^...,......Y"k .\packages\builtin\green_check.png..>.........Y"k .\packages\builtin\icn_mshield.png.....mZ.....Y"k .\packages\builtin\installer_background.png..l..At.....YQq .\packages\builtin\jquery-1.9

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\poppins-light.ttf

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:TrueType Font data, 13 tables, 1st "GDEF", 19 names, Microsoft, language 0x409
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):159892
                                                                                                                                                                          Entropy (8bit):6.727831490585094
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:Kbo6bpQgbkPJrVtnmOIwXhRsJZzTzhUUfm3ustnayEsrCjScsd6XClVMfY:ipV8rtnxZRiJ9WKm31taHsMXsqw
                                                                                                                                                                          MD5:FCC40AE9A542D001971E53EAED948410
                                                                                                                                                                          SHA1:E247A92158E112F8BF7B638C8D95381D66B00DBB
                                                                                                                                                                          SHA-256:647F014D36822EF7E0413FFBB65598AE0CB57FB798E635C63912C93D94EB356A
                                                                                                                                                                          SHA-512:01E6B5B1B4F86BB52F363D49F5A57250B1C9905D7B2FAA45DEF87EA7C2784B0288AA48D4E006B04E993B761D235632264A3DAA6C64D60D425DC5100140E74605
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...........PGDEF.......X...@GPOS...[..#<....GSUB?....Y...&rOS/2.v........`cmap5.;.........glyf...........head..$Y... ...6hhea...L.......$hmtxG..K........loca.'.....l...Hmaxp...1....... name...+........post:.h...6..."......#.....y.............d...............d.........................!...........;_.<..................6............................................"."...y.z...}.}.........\._...g.l...s.s.....L.,.......X...K...X...^.2.G............................ITFO...........d.o.s ........"..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\poppins-regular.ttf

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:TrueType Font data, 13 tables, 1st "GDEF", 17 names, Microsoft, language 0x409
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):158240
                                                                                                                                                                          Entropy (8bit):6.749916892166723
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:iBLCaPkPJr9Q0T+GNqUESJ/8w/lF703hmTWH6lrGcRAbf9EpthYp0wf0IDh1jlG4:6LCY8zQjGfJ/AaHjxlzOk7gb3Va4J
                                                                                                                                                                          MD5:093EE89BE9EDE30383F39A899C485A82
                                                                                                                                                                          SHA1:FDD3002E7D814EE47C1C1B8487C72C6BBB3A2D00
                                                                                                                                                                          SHA-256:707FDC5C8BAB57A90061C6A8ED7B70D5FFB82FC810E994E79F90BACE890C255A
                                                                                                                                                                          SHA-512:4BE480DF0B639750483EB09229B4EDCFDCD16141EB95D92A3F28A13BF737146D7CC5DB6AD03A5CDE258F71B589E5310B6D9BC1563AC7B1D40408EEA236D96F4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...........PGDEF.......X...@GPOS.G!...#(....GSUB.'....Y...&tOS/2..w........`cmap5.;.........glyfQ..........head..$a... ...6hhea.u. .......$hmtxf..1........loca.#.....T...Hmaxp...,....... name............post:.h...7..."......#.....v.............d...............d.....n..................."...........S_.<..................6........)..................................."."...y.z...}.}.........\._...g.l...s.s.....S.........X...K...X...^.2.H............................ITFO...........d.o.s ........$..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\poppins-semibold.ttf

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:TrueType Font data, 13 tables, 1st "GDEF", 19 names, Microsoft, language 0x409
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):155232
                                                                                                                                                                          Entropy (8bit):6.739857306155488
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX
                                                                                                                                                                          MD5:6F1520D107205975713BA09DF778F93F
                                                                                                                                                                          SHA1:8A4ACE9392D06BCB7F8EA2F5169B07E4C383A90D
                                                                                                                                                                          SHA-256:248C0244B350EC68880996AA6BE6D7796274B49992D5FCBBEFE251906AA4EA36
                                                                                                                                                                          SHA-512:5E40D2EBE39605ED0C2D8BE022DD716E51B018E1BB0AE0101164E1E02BCF6B7CCA5EC0DA2EBCB533D959AE766AF8863B27D62EFBBA1755E9E8D45E7BCE51FA36
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...........PGDEF.......X...@GPOS-.....#X....GSUB=....Y...&vOS/2.z........`cmap5.;.........glyf.q>S...@....head..$n... ...6hhea.0.........$hmtx.B.$........loca.qX........Hmaxp...%....... name.. .........post:.h...70.."......#.....t.............d...............d.....8..................."........n.?/_.<..................6........C..................................."."...y.z...}.}.........\._...g.l...s.s.....b.X.......X...K...X...^.2.L............................ITFO...........d.o.s ........*..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\progress_check.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 98 x 97, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9635
                                                                                                                                                                          Entropy (8bit):7.971630978673207
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:eSkVYfbW3C2GLUk/EK0pL0Q+Izxgzakz5qYtUFrJopOiHicNsnXFNQO1:BkCTW3IwQEhpP+qyoYtXpOiCSeTQO1
                                                                                                                                                                          MD5:B7B4680D9A3CD75069209C711DD78AE5
                                                                                                                                                                          SHA1:8630ADF49BE5197C8BE7DE3064853B974EBCC40F
                                                                                                                                                                          SHA-256:B5A5812DA8C7E672AF1430BAE440E86D3563068934E4BBA8CBB0EAD0F963F714
                                                                                                                                                                          SHA-512:675FB67447459746699BFB35E39D6C5A48E059B1926E2DD25009B61F804E2F1404756AE73CCE5F6FC825E77FD004735F43E66A8258E85A40F980C2325A0B3DE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...b...a.....-1t.....pHYs.................sRGB.........gAMA......a...%8IDATx..}....`dV........-.[-..3.E.!.f.............A...am..X........`cN..........l......U.ygT.._..M.*+3222#3"2..7.3..^Z..h.aA.#t:... M..z.H.Gk..BH.c......u..j.wfz.\..V8.....b.}....^..uv.@...y.\v.P....[.o.........t....C.....&8......<.....W....!|$.h........L....d[......0..G..N. ..\...Mw....l.s.....B...y_Y...N. ...S..=.f..$p..rJ.!...f.=...S.......7...._3b}=...#Fu..........O../3T..L..3.e.\....|`k.8@.$.9.7|..N!.2A.#.]..#M.R/M.7...q..o..?q.]...6e=..G.&......j.(.P+.09. .E..z....;.]... ...F.....O.@N. .*x.....[..z....o.9...~....W..r ....t....4.i".....q.3....\.>.... .Y.&.JuuR.1..'Z.z.1.U....S....Ko.S..c.o....1.jW..7y...P*5n..W.U=C.{....../;....0v6...Y.......'M..K...o....nu*.....>r_...#e."..... q..bv..?....u.cu+.....-.*..fL.E`...s..=.....G....'E.....r._u.9.|...6."T..||/...t.....q:.Zh....OBx,&..o......gv.t/......ap..y_k...........#|../.......g....kV..F.`...!.[..wH

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\progress_error.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 97 x 97, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9167
                                                                                                                                                                          Entropy (8bit):7.966353314469126
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:LSgdj1ijBb2XcxmTaGGEWQtJO9gfSgdXl/pfywweHSZnda:+4j812XRcEBtJNtdvfg5nda
                                                                                                                                                                          MD5:8B09AF802EEF156F9466C3FBE5524BD2
                                                                                                                                                                          SHA1:B30DD8FCCC6ABE38C6215339319A61E8EE2DE6C8
                                                                                                                                                                          SHA-256:79A84DE2346F891575C8BBF2AE394492424736F2C611B3921B5B2ADBDDE5C31A
                                                                                                                                                                          SHA-512:7EB38602DE8748B3D8E722C437DB581003EF666CF32276A8D5BD7BA4C5E49C6D1861A590BAF7D4855C229F4918F147C03440FD8629DBEE068A26F494358D89B6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...a...a............pHYs.................sRGB.........gAMA......a...#dIDATx..}....p......( (.j..7p..*.dq.5`tT@0...cLt...q.d2..g..9.#*.%9....3.9.."KTD.,f|...(....w..[uou..oa.S....T..[.nu.....`......#@.Ax..c...-..`......G.....2.I...28@A.......x...{...!..`..V....}w.. .gW..|.W...uW...z...|...i.m...D......F..(a.....5k<^~....+...y...>h....U..n...n.L0f&.'?..j.(.....a....?f.>U...wP.w..%.._...Jm...W.S.W!I.@.n.....zm...7............M=`....G'adu..'...;`g.>vS.L.f..oB.Y...ol\...Sz...0}..p....7C......2n7n.I..t.*.R.....lh.....K.L.}.{]...!Mg@G\O.N..{.'.._.t.... [v.A^.[.(w]r..Q.....t.|...{.......2...~....V...g.^UB.._.M.......L....n.U.R].v5..].B!D....r.T.m.67.....O...{........A....a......^....s.Q?B..fC+.C.}.n..A........l.]u..D.Z..6.m.K+h..x..l....)G..~w.|...v)..."n...{...~..78..m6.....W....Q.6u.~<.`.#.h ...5.2.B..k......zP...~.......O....e.....=..H...q$t..<F.w..w...;v.T.;u2...>;v..;......@(.A'c:3.{.9..y...^.m..^X'v[..R..a...;wF..e

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\resource.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27336
                                                                                                                                                                          Entropy (8bit):5.57578184442293
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UBhBT/W58RrB3M65lWHqXPDenaKb6ki29d1ikN42niSJIVE8E9VF0NyJlP:uBr3M65Kr22Psu/2ExP
                                                                                                                                                                          MD5:5E8BFBB3A3DC1E55C7D024E6C1ED51C5
                                                                                                                                                                          SHA1:5676951B6835B3426365F73A5FAF398BA705B611
                                                                                                                                                                          SHA-256:C5C3A970925D4BA60CE859F90ED37A206BD658B88F852BAC3B182BED75A9C9ED
                                                                                                                                                                          SHA-512:F14CDB2AF7B6FCAA7A3C675D512871AF019B83764E848B23EA765EB3B702BC36BF56B9D2D9B93898354F893F7819A706798B1EC3229559770159992C8E3F54FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q=.0S..0S..0S..O...0S..OQ..0S.Rich.0S.........PE..L....XWg...........!...$.....>...............................................`......._....@.......................................... ..\:...........@...*..............p............................................................................rdata..x...........................@..@.rsrc...\:... ...<..................@..@.............XWg........o................XWg.........................XWg........l................XWg............................................RSDS../.|.zH.?.iDv......C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\Resource.pdb......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02....................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\resourcedll.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 27834 bytes, 3 files, at 0x44 +A "\resource.dll" +A "\resourcedll.manifest", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38530
                                                                                                                                                                          Entropy (8bit):7.954027041122931
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:BPTPipu6nDeFnJ8mfpiAFlRPJy5nG9hqKwIvylo2PsY2E7H:B7KEYDeFJ8mfpv5PJr9cPo7Yd
                                                                                                                                                                          MD5:B40FED403CC20AB93D2538D2CFDD1EB3
                                                                                                                                                                          SHA1:804E6C796769F113716C66F84849289ECC77CF92
                                                                                                                                                                          SHA-256:BA9DF47AD7A36C724204727E53DD3CBDACBBA3A581797345926762F99885D82D
                                                                                                                                                                          SHA-512:4ADFA6CF722544F71938F06B6559209788D2EC3780855A342569DB927E765A1EC675C935500ACF196F154FE2DE2DC23B2454656F8A818AEF9B172D4DE5A93F4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF.....l......D............................l...)...................j.........YLq .\resource.dll......j.....YOq .\resourcedll.manifest.4....p.....Y"k .\webadvisor.ico...t..8..[.... ..q..@..$Q.P...>...m..........F.Q.]N..D.,..*....Q(.RWBT.P.@..@Ff..............N...@,.T7...a`..].RK..wC.[de.{....z....g..F.].._..).QFeq. ...d............h...l{.}.....w.I6h.&a.!.h4.h....FF...Pc.k..... ...J0..#...S..B>.....+M"o:...6......1`.!..-....g..j.1K..w....trji*@'*.8:#.........3....r.....47.6.c..j.R.. .kg.4..A.....o.M\.-D......I.7,...G../}....x..{..=......].xB.~..."...]....\.M....>.DsK......)....J..E...y...m.-w...q]2..%.}..=.'..-........}...S=.&A......6...1.k.....S.s:.K.pe.Na.OX8...(..c..Z.P|........AB...~..]kt.......x.......k.P.8ptw.q..Q..<.W..O..1o-...p].o..Z..A....Ex..q)..'{..-.\... . ..=.Z...\.a.W-M....*.........i.S#...<..@.....f.P..=Hy..c.......>\y<.x.a......d..>.y..b.-.c.$..}.x......Z....8yQ.c...D..M.@l.....,iBH.x...!... .A$..M.A.Aha....D.{.B.A

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\servicehost.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 325651 bytes, 2 files, at 0x44 +A "\servicehost.exe" +A "\servicehost.manifest", flags 0x4, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):336347
                                                                                                                                                                          Entropy (8bit):7.998457346375142
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:mbbCLH8RBLMUtQl5vbMTCcl3ahyMsCjR9ytMtO8tLjs8NYxkjS:k8cHMUSl5zROKhFytMtO8tk8NYxH
                                                                                                                                                                          MD5:208D8F91316603869AD394B8688FCFF0
                                                                                                                                                                          SHA1:649BB6533989CB329055C85D6AE5289911853311
                                                                                                                                                                          SHA-256:C461B03530D9417E38CA660CFEBB72AC0BC04CF02A5394A7E006711AE26C0B12
                                                                                                                                                                          SHA-512:19AE6EF1D5DB23BFED14A554D9166F55DDED95725A81EC73434D422962C09D303181658F0D33486F9646420121839248313484C6C619625D00646F929A7D3FDA
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)...................!.........YBq .\servicehost.exe......!.....YLq .\servicehost.manifest.\......[.... .1....C.%"....)......^RY....A.JA.F..d(....h..&;..;.....&'... '?.~.=....6....M[..;.i.......^U. 3.........z?.^{.H.h...A..:'M..A.....TrWy...&.M.....A.Au|.F..v^...R@.J.2.D#.I.3.uH........... ..1...7...)............._..^.o6._.....<...?G.....W.....p.V....L...d\'.....^y....m...n......._H.].I.n....n![........j._.).........C...*.O...w......lR.=..W..v.|......v....^..*._V'.7..r.......p....m.8.WXE........m~...)....w?i.4.s....}{.....w..6....o....M._J...vw....S..l.v..\.x.x.........fk.._:........l.^......7.7......[....[2.....>^~.3.............V.|._OwW...t.S.$.-....i=...W....S...v+....xR.-......b.&.q....o.n..]....c......?>.w..$?...z-...{...Y...O.I...9....:.K.Mh..j....{..g.d.o.{..E..Z..>.i..M...5....3Nf.:.........E....f..;|...q...mc>.~..S?..M..7.)...I...o.>.<p._T.........g....../..6.mrn...x..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\settingmanager.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 792715 bytes, 2 files, at 0x44 +A "\settingmanager.dll" +A "\settingmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 61 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803411
                                                                                                                                                                          Entropy (8bit):7.99959252090515
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:5m726vX8g2LmrswYCCNzEkzEtGMkkSKEZmqfzcVALFLc3nZDeg10emzCkc2w4G:5AqL1wo5EkcHE5c0qnReGmzCQw4G
                                                                                                                                                                          MD5:2EB5A010C9B9ACC0AE15E0C5480DA20F
                                                                                                                                                                          SHA1:1021994A4B7D59347A112A26F298DF0DBE694834
                                                                                                                                                                          SHA-256:9F6674151FCD2E4842247436D90AAB310F85BE8D7F7F41886A2A73DA05E103C8
                                                                                                                                                                          SHA-512:4BA98F9290D052172EEAE47DC469E91EDA2CBF92F5CFFE5ADDAB0A00A548AA706A88C095741FA5182378EAD7E32922FCE3370C7C4EAAF0886999F136EEABD8FF
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)..............=....'.........YCq .\settingmanager.dll......'.....YNq .\settingmanager.manifest.?.......[.... x....GR.4".....~..sO...]RI..Z...d.9....WN...\j......fa.lQ..e@..f.=...5y7..;.Uxs...}...n...o.@<F..f.......{.{....w.....O.[.M..E.X8.5...X..M..8.0......q..+....sP. TZ@........#..}..P.. ..j......w..w7.....%.*f.... b..'7.]_...^...rM4........3..{[...SW..i..2........{.....}..:.7.\.O&:......?....l/_.x...|../.M.nk.>....g.o.[b.w..q....U..M...d....._O..mzm..!.N.w.v.e....t.u.n>....ry.N=.}o.e...qc...)...`.6o.......g....b....k..........>7....]$....T..?..m9..m.w..?...2....{6..{y'.hC3.....K|..'.z..o..6......>.}..,s..u..[2W.i$;...._.~....m.&...^r..m...~..........l.&.s6..ij..O{......}.......]/(...d..~w....6.....f.>.....o.W......p./.........6.........+..m.{.K......}.Q...mj.&v..<.bF.....x........N.n..w.o{<..n...%}...x|}......Y_... .w.M.7......<......~J....u...;....m...+.-w>.....=...........]...}..2....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\taskmanager.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 3084243 bytes, 3 files, at 0x44 +A "\microsoftedgewebview2setup.exe" +A "\taskmanager.dll", flags 0x4, number 1, extra bytes 20 in head, 185 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3094939
                                                                                                                                                                          Entropy (8bit):7.999887057255646
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:3y3xnx08sXqiQVLyAQ6l7xcha+PVhtnHQ02CnCaxEYC8DPPA6tjfqA5qFvNTH/:ipx08sXRzH6l7xktNQ0/nC8bDPbBfl0N
                                                                                                                                                                          MD5:911ACE2C29FF8EFF71661A1D40899F5A
                                                                                                                                                                          SHA1:45134612E4211FD9DDF096DC0FD1A23C6FD8DF7F
                                                                                                                                                                          SHA-256:D382E4573197AB894D6D89F7807CF277B78910429D136DACE3DF13F4BC89361B
                                                                                                                                                                          SHA-512:9BD6586A965673078F3B1F507E8A55638FD7C6A48F9A43A0DF3BB5BFF774DA9F40F4F4E7B0924493E84EA6211C1E998F4E135FA1D9E8F6E6CB977DDA042FBD51
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....../.....D............................./..).................. ?.........Y.p .\microsoftedgewebview2setup.exe.8.@. ?.....YJq .\taskmanager.dll.....X.\....YNq .\taskmanager.manifest......I..[........."S`$..........XY.....$.$B9f.....0`..u$.*.V..w..g;`.......l.........d*<.*......@H..E..F..h....m.l.m...sy;3...r.....g....~.....ml..<hm.......@y.`7m66..-Vp...[Xm......b..`...Zq..7...f.....71K4..\......#.TD.U.E.{{..f..]...BeD0 d"...t@@..A....pr....B0"`Qy.rS..>a.5..@..u...*n...D....7..W+=.W.h.~.[?..SQ}o..I4....*.....vQo..w.K.O.Uj./......Q.?....T.^...l..'P........>.1....-....../...~....y=.~e....c...nVX./..U....4.o....T..O.....;..R..!..`.{l.....Cr.?.7:.Q.....+5.....>Z...,j.|.....-..L..+0.<L}..Ecc...V9s.kq..u.8.KUb...7.w..l..d?..`....K..+Kc.h.=F...~...\...\F.....j3.<.g..r.4.\zO..v.-..;..:.\..wdH&....AU...z.....0W\ X.'5W.J`>...z.......}..dr.."...*V....H.EI..[.A`.$[.fS ...z...^.Ez.....9..h..'.....6../.ut..(.c....0.b*.....'.dz0.!.`.....F~Z.....y...&.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\uihost.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 320923 bytes, 2 files, at 0x44 +A "\uihost.exe" +A "\uihost.manifest", flags 0x4, number 1, extra bytes 20 in head, 28 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):331619
                                                                                                                                                                          Entropy (8bit):7.998741872658551
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:ZCErdbWdAgQYM+E7K1G8bi+KgrK5BkgmjP6cz2r37a+Winmk4FlDJ1BakHeW:guCdeYdTdYB5u87aimkqtJ18K
                                                                                                                                                                          MD5:4981CD63B9694AE01D847DD6062B4710
                                                                                                                                                                          SHA1:4D7DB8426680D83F00A947117F6AEA2F93F51B68
                                                                                                                                                                          SHA-256:ED3AA972B8CA5CB4D8BFBD5A64899B0E94A6774A8EAF7A07F33C042542B5B5B5
                                                                                                                                                                          SHA-512:43E8F81E26B665BC25B6DCEF5BE72D942273A51B4B246180A29A65FA536432150507BEEEB8B9BBCC1F7AF010D430B2F4C976A139AACC4181A5BAD95207060FE1
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)..................(..........YLq .\uihost.exe.-...(......YPq .\uihost.manifest..K.<....[.... ......C.%"....i.+./-.....2..AF9....<.E...L.BG.s2L8H..1mt. .s.w....w..........M..H."}.Mv.&.2.B..........y?....]w{........2..o"T...d.u.nZwo7yW/.-....a.....Q.....^&..0$...A...O........A...5.EdPF.........A..iI.[...7.....6^_.W].Wx..6......[.4....~a6..G.'..$.....].M7.%.H..<.Q.A......2..R.%n.^....Y/.3....i..nys..6.!n.....#...a....e'.r.{.:.&.y/h......M8..c.....e.9.7.q..C.\....y7N......m.../.v.M^..k}...&..............G'.o.S5......m3..>..\2..........a.r.T...GL'...~..U......).:...zz?....t...b~J..%.$2..=.........~|CH.Yt...omd56.......w<;O......+..............&y.;.......1..S....E.q.h..%"u.!y...OI.?.oKo..&.K>.....x>}.ru............^}.m....>.=]....Y.4..xj....&.g$...s./.._.<...}pi-l..Z.....q&lc...=....:.......U...{../...~...}..6...;O..3....G.\t.U>.e>.|...9i.....C.?.=.........y..{k..o*..........q.v.*......wo

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\uimanager.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 1903517 bytes, 2 files, at 0x44 +A "\uimanager.dll" +A "\uimanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 179 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1914213
                                                                                                                                                                          Entropy (8bit):7.999667338831825
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:yKMiSSfA6FHbmpr7uesuCOsMtjXelk0ctCzF/B:9MiSSPHq+elnsMtj8VcczF/B
                                                                                                                                                                          MD5:ADF2753456668E23BF3E9742A3BB2005
                                                                                                                                                                          SHA1:588A8DCF581EFE21F9BB85103B7E64D5C2126E26
                                                                                                                                                                          SHA-256:18127EED598C2244A0A8BAB993047E1226A6C3AD83D2F50D1D69522F99B14BD2
                                                                                                                                                                          SHA-512:4D5CDFB9762586A725BAC4300D8616CEA846641AE73F39B7EA9216C175F819E0DA8866EACDF4BC73D22DC43B67723A93E44F50C0B7EF4C67635209C643A3BEA6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF............D................................)..................X7Y........YLq .\uimanager.dll.)...X7Y....YPq .\uimanager.manifest.....;..[...W h`...@D.0.....[..Ve.........h.bh......Qb..1Z.^.....z........a.....E..........Df..j......=..............#..Xn..]......."g.ZEN..>...s.$.cn...,O"n\.,..N9O.#c.m...I...I.7...b..5k.....-.T...,.@...AU.@..U......".""(..".9}..W....`556/..j..Dh[....D.....h.@.X.T..n.Q..n....0.M.~.;..=`..N>.4S..."....}o\./....;...tv...x....O....t....t{..n6+..vT..*g.s.....%.r1.4..fL.E.7nV&O...Sf....u....u..Jj..K.9.,.{^.[..........^?.w.L9..W..{.....T.].....w/B...&........vf.+...^...=f.j...\..}.....J...6..^|O._......-.>z..Z.@.k,.L.m......../..07..,o;.a.z...{..G.....hE.`..G.7.....F..g......ZY.)......7...W.?.~1...9....vK..M...oFs...P.A..b...?..........%.......r........E..........=....m.j.l,..v....?L..-.}t=....a.;{.......r.o...?I._.......? .v9.,.w...@.J.]j.$.......<....r1...=e....S"ZM..f=.W.~.U2;..Y.i..4n..... Ktk....muOa..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\uninstaller.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 1060402 bytes, 5 files, at 0x44 +A "\uninstaller.exe" +A "\uninstaller.manifest", flags 0x4, number 1, extra bytes 20 in head, 93 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1071098
                                                                                                                                                                          Entropy (8bit):7.999586558542834
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:t3FJD195W15hAfcyKEB2rxIoS8VvGwX8wWqIhVi15fUmB:t3Fp0BA0y9ySgOwX2hQ1Fz
                                                                                                                                                                          MD5:E50E13A73D3DBCF71FB24D60551EACE5
                                                                                                                                                                          SHA1:5C182CFBFEF403A6D6D9A08B204E981B0B7C9C7A
                                                                                                                                                                          SHA-256:73C1C4DF12FE3B41CF6C93B7386C7ABEA7A6B4B2DCA8B38F677FB0AD5638D82E
                                                                                                                                                                          SHA-512:6ED8B0F3E276E2B7055081062F65B30EC8EAB038462FD876B453B87756BDDC17D44DBBE07F6E8E614F9F3779C6EEA0F9E29A9D5F1719FD4DC46122F8E9C8666C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....2.......D...........................2....)..............]...0.-........YLq .\uninstaller.exe.u...0.-....YSq .\uninstaller.manifest..&....-....YSq .\wa-ui-uninstall.js.....].-....YSq .\wa-uninstall.css.....C......YSq .\wa-uninstall.html...K..)..[...! .S...@..%.....[_.l=k.m.lS.k.(rc..r{_.:._...\h.:E....Bs.+.v.Q....u..n..w.R;....D 3CuF.g`....s.{.n.g.G...W.@..uE"A..$y..u..$..M....[d...EH.....\.yy.4..;q..B.$D...iX.....t7y.Dy.+.......U..@U../(.........2+...o.s}.T.4...U..;..h..S. ....;........EU%U.K.QG.;...7.u.3.!W*.j............r...^.....r^......]s....M......B.W_l.<..g..]...Gjf.>..G..{.:b...=:....t..].S@v~.fs.<...K...5..%..&.........u..]L__C.9/.c.umR.[.*d.\.z)U.U..ZJ...Z)........Y%g.BHDCU.j..V..5<.._........P.Q.Y..+.............:../5.l..<.sew..~K.7..;..6...j...o.......v.M..`..6]..w..J_m...G..5.bV[t....-.....*.}....ySP....U...B..x.......s.4~...rb,...............tV=.u.M.a.R..;.....w..-..s.....i.7zk.]...wT....n......o_.up:*.>\.?.u...%.'..L

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\updater.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 975981 bytes, 2 files, at 0x44 +A "\updater.exe" +A "\updater.manifest", flags 0x4, number 1, extra bytes 20 in head, 85 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):986677
                                                                                                                                                                          Entropy (8bit):7.99956639708756
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:RBd9puI1ziTB2EmlSFYf0wqb+mrB35oxdRpE:R3uIFETmf1aadE
                                                                                                                                                                          MD5:78C722BE85852E553B64D8712469F279
                                                                                                                                                                          SHA1:B1E77B8C1D0CF642B97DEB769479B5B1204B7D39
                                                                                                                                                                          SHA-256:01FA1D5C7E9C064C8128CFD753C391D617C9781095A9A5E97B36E765ABA5DF5A
                                                                                                                                                                          SHA-512:0FF015BC2A44D4BC9B6EEBC6C666ABFF176F84F268E095DE03614CD672C3A6416E9904375D82763ECA5A697383FFB34796CD96B8E9DF81E39B88D25AA0732730
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....m.......D...........................m....)..............U.....)........YLq .\updater.exe.......)....YSq .\updater.manifest.9....)..[.... .....@..4.......}.Z......(.....6(...b..hi...N..h...W'.v.KM....F...Fl~.R2g..ff.f......w...W....-..I..(....E....M....j.$....W|.m.$.Yg............J.. h4.....8&....".L.(2.,..~. .I0.......H....3*.3y.........Jk5.Z.v$.8......2.6...J.......J.wII5X....M..])...r.<...5...v^.duX..k...9.\o..v_.d...%..W2m..........?i.H?z...5..._u,.Wi.0......'..L..?.S.C..m....gl...?..H[........._W;..I....0y.i9g{UT)...y..MZV..*.?..>...k........Z.F/....#V......S.l..~.aG..P...+M.p..{...s.JQ.\J.x..|..$.+.g.0.g..o...`...~.m.....^.....2h....g;O...c..l ...o.o.m....?.d...K.s.vz...{\b..y......dKl._.]u..]....x......N......l+.=.`.|W.s[.s....n..M.:UN..)..]X.l]].....N..om.n........37..Z.......))..Q`y..E...+%....z...^6..E..`>......C2.....]...a......hx.....4....._.1na.....y<;N....:.....O.Y..vT{}...q...+.....T.1.......~..zP.v..*..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-common.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34082
                                                                                                                                                                          Entropy (8bit):6.048810099348607
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZW:E9DDI6thXjez1jtn9
                                                                                                                                                                          MD5:BED2FF23927C34F86C480203AA7F87A0
                                                                                                                                                                          SHA1:90B1B32D7A9CEECCD555D674582CB8AEE64E8909
                                                                                                                                                                          SHA-256:9D7AC9A5AE897E993C0B6BAD468F56BF3B6CEFCFEAAD6FD2307CF8370945A2C2
                                                                                                                                                                          SHA-512:6538FEDBC2DCE5EAF944CBD18F93783CDBFDC2920726A3509D0686BD062793B422AE6C6F67DFB0C344AC3E084F8B1F10425FA4636D1BA0FBD9E2ACE86EA6AE83
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-core.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26093
                                                                                                                                                                          Entropy (8bit):4.7761022291638975
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:J+6T4vNmgN8k0+yycVCI6z0jG7RXDX43UMRmvm/A:aDIpI
                                                                                                                                                                          MD5:F43DEE507EB2DF869CB73160D95D37C0
                                                                                                                                                                          SHA1:F58C1E59B243C7A26899DAE98F5EE4A2D9BDEA0D
                                                                                                                                                                          SHA-256:BCFED78D2CF2398723A9692B56C975E69B8688878444EFA90C8189F442275BBF
                                                                                                                                                                          SHA-512:7CEFD72CC1D4867C6EADB101C0D96BB0E4F2E0B911FE91723C25BD61352F165D8ECD1440549BA08B490A97EDB59360A8F681B8341F779680DA036C4D8D189444
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-install.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65472), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):636601
                                                                                                                                                                          Entropy (8bit):5.63060729988193
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:XKNvSkRBq880BAA0967ktah2IdSv5543cKNLNNVN56wOr7MdRhPEceKr1GPHte7t:628L4LItv7
                                                                                                                                                                          MD5:32190953AE1D851EBA731EB250147E34
                                                                                                                                                                          SHA1:E1D0DEB689A194648C7B88C08968F50A6581C369
                                                                                                                                                                          SHA-256:7FD09C7D1237844150EEF67CB08DBAC2E7348E45C21E815E581FDCE10F73DD73
                                                                                                                                                                          SHA-512:3F520F1D597C4875E76530EA694816245A0CB2BA48C80B8F5E439640E4BE99C24A48B464ECD335A3E2CF77163AB81C985CE874C055F1A39FC0592890776A644E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Poppins Light */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1PuAPdbAAAjPAAAE7pHU1VCP5XTjAAAWZAAACZyT1MvMtmIduQAAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmpQ0L6QAAgAQAAfCQaGVhZBrmJFkAAAEgAAAANmhoZWEMkgZMAAAA/AAAACRobXR4R+vvSwAAErQAABCIbG9jYYQn/AsAAApsAAAISG1heHAEpQExAAAA3AAAACBuYW1lvgkdKwAABMwAAAWecG9zdDq/aJsAADb4AAAilQABAAAEIwCXAAwAeQAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAoD/fL5hQofAAEAAAAAAAAAAAAAAAAAAAQhAAEAAAAEAQYZH5g7Xw889QADA+gAAAAA2KSpuwAAAADbFjbL/fL9zAofBB0AAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDTAEsAAUAAAKKAlgAAABLAooCWAAAAV4AMgFHAAAAAAQAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACIgK8AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQkUCSgJMAkzCTkJRQlJCU0JUAleCWUJbwlwCXIehR69HvMe+SANIBQgGiAeICIgJiAwIDogRCCoIKwguiC

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-install.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1223
                                                                                                                                                                          Entropy (8bit):5.186885559675722
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csYz7A2NVMz71Mz7FMzrVMzPVMz6LVMCo7jOWwV601:3O7A2meCeiCoHOrL
                                                                                                                                                                          MD5:A48CD7866D67064133CA40332E1AEBA2
                                                                                                                                                                          SHA1:690E6F818F41E2F0C5850453471920656652120B
                                                                                                                                                                          SHA-256:FCB36430BE30A6B2CFEDBAA99D2FFBA2A294AE0EC1357D182529E3704A2BC293
                                                                                                                                                                          SHA-512:6D610D0973DE74F313489078DB0E1D407F7656ECA275EC8A8FB312791F639411D80A8C91B2F1C74F42AC987AA94253804736DEF657B13D652F73D208FFE3F4B3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-install.css" />.. <script type="text/javascript" src="wacore:jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-install-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:wa-utils.js"></script>.. <script type="text/javascript" src="wacore:wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-install.js"></script>..</head>..<body onselectstart="return false">.. <div id="wa-installer">.. <div class="header">.. </div>.. <div class="content">..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-ui-install.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):19374
                                                                                                                                                                          Entropy (8bit):3.839664034038164
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:GVtiD5/K2joI8nXfzdM5cwwrbIVWw5ujfIGNELDoXpNxx:GVYjoICvGCnvP
                                                                                                                                                                          MD5:1A7B7910DA9584DA8D5B303DAE809BEC
                                                                                                                                                                          SHA1:9D624FB44988CF08F1641DFC69B4365ACD0FEE2C
                                                                                                                                                                          SHA-256:1DFE0D8D41907999AF6B9C0757FA924B46BE1FE175DA58D68EA3B3AE364B29D5
                                                                                                                                                                          SHA-512:516CD3BC185F746DF52D9D64E81E8CC57DF1F90382934557A1B5B785919CB2E3117C19AB42D10C27B88E42B3761DB4892CB126BF3B85D41037178E7FBF8B4C80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Installer UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.INSTALL).get,.. _window = wa.Core.Window,.. _external = window.external;.... ui.Installer = function () {.. var buttonId = "wa-installer-button",.. _this = this,.. RC_INSTALL_ERROR = -1,.. RC_INSTALL_DOWNGRADE = -2,.... open = function () {.. _window.ready(function () {.. //check preconditions.. var productName = wa.Core.WebAdvisor.getProductName();.. if (!_external.CheckDoWeMeetOSRequirements()) {.. _external.SetInstallResult(RC_INSTALL_ERROR);.. _external.ShowMessageBox(_l("ERROR_TITLE_CANT_CONTINUE"),.. _l("ERROR_OS_REQUIREMENTS"));.. _instrument.log("Installer",

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa-utils.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16591
                                                                                                                                                                          Entropy (8bit):4.419418555736827
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:BZwBjFVz+j5csy4h11lidEaCaNz4UcEm7damvbat2RSFZC9On/7W:WBQj5csy4DIE3oUUmMmvbaHC
                                                                                                                                                                          MD5:FD128D0E27CD53B6F4AF938B28CD9196
                                                                                                                                                                          SHA1:8A5BBCF6B9D04E3BA1C8A5B54DDC78167A8ACFF3
                                                                                                                                                                          SHA-256:01923E4F4B2E16D2A870B6B1447FC9CC95CC2DF680CBDD5DF389A067DCBD30B8
                                                                                                                                                                          SHA-512:C785D2A6BF15CD5B109AF02118F2C69E7D51B58BD025B2227168B41EEB2F10B4B711F27052EF52F247F06A9DCC7292674D84C9070E5A1F1343C3F8BE67024F87
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {}

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_check.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):558
                                                                                                                                                                          Entropy (8bit):7.494810764492959
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                          MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                          SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                          SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                          SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_check2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):785
                                                                                                                                                                          Entropy (8bit):6.380231936591206
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                          MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                          SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                          SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                          SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                          Entropy (8bit):7.1140535970703365
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                          MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                          SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                          SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                          SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_close2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):272
                                                                                                                                                                          Entropy (8bit):6.591404605834916
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                          MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                          SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                          SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                          SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_close3.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):404
                                                                                                                                                                          Entropy (8bit):7.033473403283132
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/75/6Ts/THdCug1JmIiSJgH0Htx7n6u3GvewiSulgs7:I/6WHdVgOSJ8ivnb2vXiSulgm
                                                                                                                                                                          MD5:958DBAA93BCDEADA1D578CB7AE159E1B
                                                                                                                                                                          SHA1:15B954D2E439A725CFE04FF14D16938BB928E937
                                                                                                                                                                          SHA-256:DAA47D81BEC1A30312B994269EF408222094C826661FFB655C2CBCEE25A695C0
                                                                                                                                                                          SHA-512:DF2EF3DEEE9ABF2E1E61A00419228D66492D0E36389D01AA9E9599F9B19AC72133068ADEF5A1E1D7F2E790ADF91D057568C0091C71DC284A0A6D89206738B57F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............c....pHYs.................sRGB.........gAMA......a....)IDATx..=N.@..g..(}.JJ.%.2..::Bk.9..>.PQSRA.+.L..K..J.d9.......j<.O..f.&......OR.Y.$....k.0^y=DQ.....@...'GB.y.....L....Y].!.'....j.....y.>.8.......!C.1.-......1....u..@.@...X:..b.........i.....m.b.e...H.D....ey..5:GJ.....t....M...O..BA..Wo...?.s.\g...?..\s...O.I.t..u......W...UO.&)..E..........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_error.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):428
                                                                                                                                                                          Entropy (8bit):7.367179920202989
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                          MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                          SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                          SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                          SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_install_icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 107 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4418
                                                                                                                                                                          Entropy (8bit):7.945868276745926
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:BSXpPtcN4jQ/l2TW7NCXY5VudzavDXNuN+BOokaUxV0MBhtsW:BS5Ptl7T6NUBSX8N+BOXvV0qAW
                                                                                                                                                                          MD5:85731024186630DC2090EA039BC46BAF
                                                                                                                                                                          SHA1:1AFFCA914FE3D2EDE59753D85F0F75AD88EFC1FB
                                                                                                                                                                          SHA-256:0DC43266D3BBE9D952FEAF46E816E3F3C80C3425AF795D7C41FB5647C80A2FF5
                                                                                                                                                                          SHA-512:D7FE98C43463647DEBD42F7A79128AC681F89355244546DAE5CB924123CC1EFF0B18F71D9A50EE6BE3A4903B417B63C1665E20A19CB35435CFD6B7A7671321D4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...k...l.....m.L.....pHYs.................sRGB.........gAMA......a.....IDATx..kp..u.........I).)...m....Nj.-...V..L..C.Q.O.4iBu.f.G.$..C=..d......7...+}L;.......X..t..I....x?vs...."w...P..P.....s.....&&&&&&&&&&&&&&w(...J.'..'.g........m@S....6...D. .....G.<...V....+..{......Ihx....A..1A.._..X.a\Qr.(..;.;...4.X..D.8.Y.Q..gL.3...u6.X.... ......b.e.).|...9...!......:..Z.V..,.n..T,vw.(..M....V.tz?p.[........z...]..nU.&....E.&........W..Y.:F....+..6.".3V.rZ.z.2V..X...nDs.Mz..$.h=.b..`>..^....Qo.hh..jLM.JG..).c.j..H|VQ.../j.!n042..6(*J.....|R...o...._{^.F.}..PV$'.y.z.*.Z....D..Pt..P6./..I..j.V..4.........._~.......*...0x'.%.....?...au.J.."..#.<.U.F.XP....n..eeD.P.i(....,....t...#p......NG..E...~..?(l+..%...&.....>A.h.L...?...........a..&.b...K..$[..\<.9.D3 ..Z..J..N@..P-.$.s; ..v...=..B.J....%.....i.J"..k. ....V./Z.Y.......wQ$.6.Q..B..Z#.... [...P.q#..zC7.]Y.F..s.s=(..%..T@Eb..p....J.$..B.T&........lp.B.{..2.y%i.s......

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5361
                                                                                                                                                                          Entropy (8bit):7.956335361585333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                          MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                          SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                          SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                          SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_logo2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2938
                                                                                                                                                                          Entropy (8bit):7.909981061900822
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                          MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                          SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                          SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                          SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wa_logo3.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:PNG image data, 170 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2441
                                                                                                                                                                          Entropy (8bit):7.882452566815817
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:g/6K2jqFIKOQuXlTw1zVYFZJ73pnzqE+RKtsMI8ZoHptP65FLdi:gStjoOQFy3p3Vf+oyp8CO5Pi
                                                                                                                                                                          MD5:71612012982B1C220E7A4BA5F6099D89
                                                                                                                                                                          SHA1:FAA7AEFFBD02AB94767039A2B2E35EF9CF3450E1
                                                                                                                                                                          SHA-256:4EB38967FF6BA50EFBCD918875A997B26776A6884AD6A04E00405414D7721B11
                                                                                                                                                                          SHA-512:AC5A5C1033BE2A9DD626DF26FAE52D4A161DF964B791A3562568ADD58AF802A9A6443BF59C9385023E20AB3A8EEC06579D88833D61FD444105E318CAF885221F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................?....pHYs.................sRGB.........gAMA......a.....IDATx..ZMR#...j.F.... ...'....5'.8......'.9...#N....O0.c.{1z..H......j.z.Fb..B...*++.*..3l4...%c7..u`...WI....\.....2h.l..s...g.A?.z..k...<..nb..I....y..(.L..G..2.a.uj....mc..c....f..j. p...w..k.Y{.2.....w..x..iB...wwO+h....y./.Y.@..6..vw..].y.......l@.....Tt....U...v!@....rt.Q.~..S.Z.......vw..&....._.8...+th....s..I...7hc.}...(.x,k^d.1..............>............8.}.\..s.V...-..)._..g..E.......M1.C..)..3.xx...........?...B......H...%.c..e...htf6.EP.....I.C.bLGX.*...8....]..U.......m..7....r_...............o.....q.^..?Q.r.*.B.#.].>.|../^......k.@@MV.'fEP.o.s..u.#.....].q.X..C.....q\o"k..C.....|gU...&TtI..g....O....Y..p3~.W.....??..).Q4..v|.Z...g.qy@aE.x=..=0...s...J.n.....(..V.3........<....."Hk...NWb..w(....m..%z[..{^.S.J.0?y...}0Q.B..`..e.xO.........E..........W....4..B..'.."..p.......m.M%.ZT...O.a.Q.W%..9h.VJ..Q.wTF.......I....E.$<....C.[,.%l..,...Q...Z....~.mG-ya

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\webadvisor.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 1223 bytes, 1 file, at 0x44 +A "\webadvisor.manifest", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11919
                                                                                                                                                                          Entropy (8bit):7.688335463848691
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:3Dyyj6kSDnicM9Lx76iiX0in1k7IEY9x8yS35IVnEy2sE9jBF0Nyw8v0l/:P6ki29d1ikyGNGxvSJIVE8E9VF0Nyw8w
                                                                                                                                                                          MD5:0EF336BB27EE9BEAC04C8AD6A8B186A5
                                                                                                                                                                          SHA1:5FE7CA6F16DEB828B3C989EC8A127D707DCFD908
                                                                                                                                                                          SHA-256:4011B7B1DBA4EC23887B9529915E194B9DC6574D80185FD482C0320A59AD2A88
                                                                                                                                                                          SHA-512:C88BD126D08CBA3FE7CB5A59458039CF7F1981F12D875CB91CD9EE4F2D9ADFDE6703136B117B1943A1FBDE21E14EA9C04117B12F4CD18009A22F41FE520FAB3E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF............D................................)..........i..................YLq .\webadvisor.manifest.q.Q.V...[.....2Z..4.%3...f...>P(w..k.*..|......'4.4.WUr.}............D$.`V.Q.lBrC.......].."...}......0;...Wz./.].r.p....|.3...........f..N.4w.v......2./....O.?..b..x.......xZP...ES.NS.........Fq..2......i...5o|.k..xw>...qPD,....u.z.kj.N....j../!..o.........D...&.....#......X...BB....%$..F...wr.I.B4.d..g....X.3.d.G.@.e...o2..9~..1..}}...>...?..9A.XI....U...b0Z.. WH.W.br....o4.eZb..l.woigXr^....+c..v..D......2C[..v......F.|>Q'.pW.WM....T..sw}k..;!.Z..&.b7..|.O|.t/.....?:Btc....C....&.,..lPl...T-......[.s..^..t.~w.8'....r..-r.z...L...-.rw...uwYa.........7.Oy.0~....*JE...l....#U?LX.3...pbzD.._c.170..s.'.>.....M....{v......OWE../.K.m.{.....b.^N...*..*.O....*...\.g..}Y..9gWm.>zJ%H......q`.....=.,gp.*..q0.j....V..I1%6*."..>%,..y(_...N.;...h\..........bVx.QZ....4..^...P...'.\.9.q...Pp....[t;..g."..(..D......h.y...2....s............>.O....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\webadvisor.ico

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):99892
                                                                                                                                                                          Entropy (8bit):3.9749743269785345
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                          MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                          SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                          SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                          SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                          C:\Program Files\McAfee\Temp1920010323\wssdep.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 576083 bytes, 3 files, at 0x44 +A "\wssdep.manifest" +A "\win32\wssdep.dll", flags 0x4, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):586779
                                                                                                                                                                          Entropy (8bit):7.9992830970835564
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:wpnTlBe5fPL2OE9X9y9KO+HWpRWHMHHe6toSDe/W4K:wTlByLmPm+2zWHMH3oae+4K
                                                                                                                                                                          MD5:AFB062D1441DF0ACB1171AF089D2050B
                                                                                                                                                                          SHA1:EBAB2B66617C5CE75A1F8737335B71894FEE47FF
                                                                                                                                                                          SHA-256:4C9B176469D7F6D987D0C6B7D9FA01AC9E894AF6C6EE88C2150786DD1DFD1505
                                                                                                                                                                          SHA-512:9DDB46E01E816366F473DEC7F01E535611AFAD1C82436BE3D3088A28B4519DF6872D9A6B279AAC5842B98838969B47A4F11BA5302C998D95FD48DFAA1285C326
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MSCF....S.......D...........................S....)..............-...i..........YTq .\wssdep.manifest.....i......Y.p .\win32\wssdep.dll..G..I......YLq .\x64\wssdep.dll....U.8..[...8....."C`3..[....]..4(.....F*m.@k.Uj......e....ST.)i....N.}.....3.....k-.-. ...F2Y......3..2....@..~......w..g.NRN>]..tN.C..-....`..B....-(.aW./.Bv......^.F.%i..Y...%..%.....Mk@6.fw.......d..S....d@y..:....@Xf..............{.....|.7.k.Mri.*.T.:..*."QIP.2..B.(.$``..... ..@X.......5.m...Q.3.e;.....I...NZ.3&.)1..m....*..w6.>.5.2.&.....A..=m.O.....OJGK4.6...4.>_RIU...t]N.8.O.{fT....'...<*]..E...Y..l....t...p.....k..o....S..k=....?4.....4.5..E.e.B7.....I..:..-.b/"...mk.w :.H..5...>..g....3..k.t~.Y.C.=.[....h..6U.....M.L...x>c^.~.m.....Z.1.W.5*S*Q.1.$..Wp...I.P..)H.O..........o...]+uIc{...E.6..#x..G. v............k..'.e..k.....9.0.(.....*.f....^.J.I..Z.La.K.e.:..JbL..Z\R_...._...y...?..Ia..}[.......4......(.7..d.a.k...D...s......l.......C.[.L..........t.6Z..].Q.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\aviary_client.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (1531), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1738
                                                                                                                                                                          Entropy (8bit):5.310615763879483
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:jL4Ej0KD98d7lvOKi18GDAxJxFyWLcLBoHC85QsZKwkYq1O:fQKud71OKincxJxMW08RkYq1O
                                                                                                                                                                          MD5:BF5DBDBC3BE0BEB13B8DC98C9C80AB1D
                                                                                                                                                                          SHA1:F94538C278914A6B7DE73667B59324B2E07EFAA1
                                                                                                                                                                          SHA-256:9FD4D6CA3E5428EAAFAB78196B9901DE6871A003335F3A609943904AEC510121
                                                                                                                                                                          SHA-512:42439E42E63A86D9F245CADFA42A73AD94C16892737C76DA921BF92BB7974B1FF8097709F079D2028FBB61D590FB0CEB896F9AD9D1CF96572526610F635E14BE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var aviary_client_fileVersion = "1.2.207"; ..function CreateAviaryClientHelper(){try{var a={Get:function(f){try{if(this._aviaryPlugin){var c=this._aviaryPlugin.Get(f);this._logInformation("Get: key: "+f+" value:"+JSON.stringify(c));return c}}catch(d){this._logError("Get exception: "+d.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));g

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\common.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (14337), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14537
                                                                                                                                                                          Entropy (8bit):5.350517802797016
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ktu3RAn5OgUkr5oAZ0hFrBhCHzWFhBs4tdOceg+tktXSWV03w:k43RAnblghz0TqDsy+tklVH
                                                                                                                                                                          MD5:B1F49ADA2A373D0CAFCFC589F7387F38
                                                                                                                                                                          SHA1:22C7047052583C698E48510BF7A02A03ACA8B4CB
                                                                                                                                                                          SHA-256:D75CA8FB29D82F4B6EB36924E10A8F8A95B38CB7E63F3CB16F559ACD0B5076AC
                                                                                                                                                                          SHA-512:F07E04861EC294CA7F3E559983755FF244F6B10675007966078FF89AD4DC5E6FED44B9CD2EE2D6FAF5C53336D377DE63EA89A31FE5B5EAB2700055DB287B32A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var common_fileVersion = "1.2.207"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\config_manager.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (842), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1050
                                                                                                                                                                          Entropy (8bit):5.331663611219219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nvVaMEhIBolSPnrVCYJqPse4A7PWLb/X0rbjIfJNoUy:vbEhDSPrHAPse4A7PW3/X2uo7
                                                                                                                                                                          MD5:64F0EE978A9AD6ACEFB78A9E65639166
                                                                                                                                                                          SHA1:D0448B2DAE8E0FCE91CE5D212C8FC1A14753E24D
                                                                                                                                                                          SHA-256:92831E44E8EB7792CFB274A2AF856B94EB3B6B2F494261B6542C1A129412449C
                                                                                                                                                                          SHA-512:2DD51E99D635C7C515011E2BFE0AC03B29F59A2696A7807AC8514579F1BB4AAE79D36AFF67A8CB1507B39FDB588D15E65732AD9012F7E54F2F92D76F3E07E040
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var config_manager_fileVersion = "1.2.207"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//953095630E5BC260E5E4F8B036C3C20CAA70AD6ED5B391112307B476B9CB80CAFE7A03BCA5581A55

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\csp_client.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3383), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3587
                                                                                                                                                                          Entropy (8bit):5.310702375397368
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:59Brq8ECI+Vttye8xYAAkSynknNkTv5ApLCYnawFwklt48ZI3OU2k9qM4JCZ0urG:trHEfqr6GpdL4RgI3OL8ACe0E9C0B
                                                                                                                                                                          MD5:15FBE1F6B7403B7F3E6123FDEB108FB1
                                                                                                                                                                          SHA1:15CB2FE8977BE2D30AFF5278992E2901991F59C3
                                                                                                                                                                          SHA-256:51A5D5E68164D2F41D9DCB72D9E8422976B228CFCCC7FF123227C6A72944B482
                                                                                                                                                                          SHA-512:53A5D02FB4CA42275406B0DCDEE30C180CE733A67C727EABD455D6363115A09A4DA10883352BCCD75494E43B91DC78C51ED5787F9D3A46C1AEE25F6F148B6AFD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var csp_client_fileVersion = "1.2.207"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_collector.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (13754), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13962
                                                                                                                                                                          Entropy (8bit):5.215759154605658
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:IWRhWbpBthL10g4fquSZHo7vwFCw43NvyLUPu1phBOeY4PZTIit6BUQ2wHAUJ6fI:xmbpJY4WXo1tYQZTAV2LhA
                                                                                                                                                                          MD5:644CE9F96B15B259E25F64B7CB8F9D7F
                                                                                                                                                                          SHA1:E032A895FEFC72F6FBC7BC8765ED91B6992E540C
                                                                                                                                                                          SHA-256:436A023C1FC0D163A4BE552E9701EF763769FB4CC61ED82B0B7D73C6EAB884EF
                                                                                                                                                                          SHA-512:753140480C744241063E94B55793F1BECBA88B1FB7839A656E869E2C0452F660C2BFD7293E79FC03F538EDD2FDAF393CA82C666743A2DF53578AC1000B2CD72D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var data_collector_fileVersion = "1.2.207"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers||!this._refreshers||!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_items.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18607
                                                                                                                                                                          Entropy (8bit):3.675086040693106
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:H/62/66/63xQ2m5dMoaMMmO/h5/JMb//U/zM//2/ka5zP/Rb/Z/X/l/46/n/n/6N:WBmptHLSMn
                                                                                                                                                                          MD5:1AED066C47D366C4CF5EEC55A55CFA1F
                                                                                                                                                                          SHA1:5ACC4395BCC237DB6C9691A57F12A2DE13B0CA15
                                                                                                                                                                          SHA-256:ED8FEF7E21353ACEE5D98C9E29011E6FA94841F031FB847438F44751649B7F4F
                                                                                                                                                                          SHA-512:52AACF2ABAC3286DF81D10343CE08EA5BAF2899C9B8B6DA185EBE9B1C24AFF53AC1FFB4848C5320064BE5C44440A00BA2E23F447F7B8269277CCC840714A8332
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "version": "1.2.207",.. "data": {.. "product_analytics_content_version": {.. "params": "getContentVersion",.. "rule": {.. "ruleName": "notNull".. },.. "source": "engineContext".. },.. "product_install_type": {.. "params": {.. "name": "is_loud_install",.. "scope": 0,.. "default": "UNKNOWN".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "product_affiliate_id": {.. "params": {.. "name": "*Affid",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "device_geo_id": {.. "params": {.. "name": "SystemGEO",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waS

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (7140), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7341
                                                                                                                                                                          Entropy (8bit):5.272776603492146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:NSNaQstBT0ZVs64Hwxizhs2RS+R8Btmm9TsbYF0b4G:KWhxhLCPmz4G
                                                                                                                                                                          MD5:50680CF3ED41EBB5E92A474BB391B59C
                                                                                                                                                                          SHA1:5623E6C32E066200590D2B48AD621B7BC1CD44DD
                                                                                                                                                                          SHA-256:83B327F65C58A8A9F2F1FD1FAD1CD43B1A617FB42A8B3356383931895054E855
                                                                                                                                                                          SHA-512:4B5BE9CAE57A707C437A3EB2AAA4DCF4C54278977A679B5C197BA66B13D1F21E9E764169F489F0D006D10D0151DE90EBECDAD9517DC973D01CFAD62DCD22F3A4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var dataset_fileVersion = "1.2.207"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset_da.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (6749), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6953
                                                                                                                                                                          Entropy (8bit):5.406953542808857
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:DE+7wzRBsvJdOwfwrsEkRvtPYiNsnWPVybI6gNzgMd7e6peMYs5mIQ0Ql:DE+7uoJdSwHlQit0ONzgC7us5mIQNl
                                                                                                                                                                          MD5:0B3699EE9D6ADBC8BE5DE6DFBEFE9EB1
                                                                                                                                                                          SHA1:C8ACBF20D3DD65159D27468FDBB2350E4B57C3B1
                                                                                                                                                                          SHA-256:D7ECAB2ACF542B4F2208D7482C8AA5804ECED40160B2A7FD49210B34A03E2785
                                                                                                                                                                          SHA-512:92623EFFBC1EF55ADBF5CA37A0EC811A913FABBFF1A1A5698C8FD6397479E615C66AC66AF9176F8CFC141FD4C3BE92EF99D9D4A276462BF594C5168D80A42BF3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var dataset_da_fileVersion = "1.2.207"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(1*60*60*1000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=24*60*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\datasets_catalog.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2350
                                                                                                                                                                          Entropy (8bit):3.7724549775855634
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:HJEnvU2mEsWYFAnLqrtrMKKbDsHOrpFxssScJZQpcmG/VA7K:mvU2KWsALEJqbDsHofxsJ8ZQsD
                                                                                                                                                                          MD5:1ECA2971AD8DBFE9DF6831235966EA3B
                                                                                                                                                                          SHA1:69366788B2018049DA5F9250C659E3412DA759C8
                                                                                                                                                                          SHA-256:271307F6A5F0B88E9734F212D536962E70FE58587A3F1EB6B2EEF7D174532144
                                                                                                                                                                          SHA-512:B4AC164DB465E46481DAF0EF09913AEC723648C1F2D209E5CEDCB97310FEE7B2646980480371E52CE56F8353CB9113FC268A3CFC14D477AD22EE0375DED0AE32
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "version": "1.2.207",.. "data": {.. "default": {.. "data_items": [.. "product_analytics_content_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wa": {.. "data_items": [.. "product_version",.. "device_country_code",.. "product_subscription_type",.. "product_ab_test_group_id",.. "user_account_id",.. "product_productkey",.. "product_package_id",.. "device_platform_edition",.. "product_cpu_type",.. "device_platform_version",.. "product_install_type",.. "product_affiliate_id",.. "product_subscription_expiry_date",.. "device_geo_id",.. "user_global_reference_id",.. "device_id",.. "device_platform",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dictionary.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11114
                                                                                                                                                                          Entropy (8bit):4.06719219286141
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:WWOHdgzPqNxXciNwSmX2C6mWaSgkzRqU8MAqZPh4U:IgziHGazGsh4U
                                                                                                                                                                          MD5:3E2557F41184A52A640FA7505DA746CF
                                                                                                                                                                          SHA1:0DF2A2AC893875C0A5A9B3EE7CEE49C09E47E0BF
                                                                                                                                                                          SHA-256:3E4B9EBE1EE082A4D9ACE5463AF166576B4CEC0D8C5ABA6DBC33CAA1F7854229
                                                                                                                                                                          SHA-512:F083E2A15261D3DD3F2DCC4F2D1C044CA57943B77733DFA42A3A61380DB5A754B5B4B81DFA504C7A1C3F2E9F5D9E1D1D95C118FB16E856BBA7D75D53E908E3C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "version": "1.2.207",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_met

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\emitter.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (4110), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4311
                                                                                                                                                                          Entropy (8bit):5.218987411673366
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Ayk11hc+35U8Md+O2SNyMZ5uGC2AjrkCOGnDbs2//klaeOoR:nk1I+5Md+O2SNtC2WrkCOGnDalJOI
                                                                                                                                                                          MD5:6EDB43E2B897ED058467005809A0A98B
                                                                                                                                                                          SHA1:0CBEE317745D4B311FAEF7FE8AF3A74302B2AE62
                                                                                                                                                                          SHA-256:683F13FF9CEDBC314FFA9DE4847DD44576DFD98C08D0DACF14130A9C33CCE9EB
                                                                                                                                                                          SHA-512:99B29C3D15602108084B6F9B98658486F2F9DBF0AE73561131057ADB6B8FE2B6B287C07E2C2C4EC75846303DD23691BCF5DD6B8AC90B45C2E316EF303E115289
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var emitter_fileVersion = "1.2.207"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength;this.extendedAttributesLengthConfiguration=e.extendedAttributesLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transpo

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\engine.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (11329), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11529
                                                                                                                                                                          Entropy (8bit):5.251509170872591
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:k8+1u9z1l8Le62L9s9Zs2JFsIOSsnQSRTPd3uXsx14jxN2FhvsC7PquQQHDmksFD:Ge1LYpJyZQSRrdeXsx1AxNWFRddDmWM7
                                                                                                                                                                          MD5:D2B620DD44EAABD828691CD183544D77
                                                                                                                                                                          SHA1:F69EE6279E138B861C753B0337B64F97D650E0A7
                                                                                                                                                                          SHA-256:EDE3C3FA3231657C54873834025FC874812F66CBA5BBADD49B35CA41BB161819
                                                                                                                                                                          SHA-512:B70EE95087C2CE049FB95C82930D2B0AD9EB65DA177B725F14A705E569C9DBA13F818369EB5DCA2BDAB854A959DD18A06E68F6F637A1B4344E52A29D7F7CBB3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var engine_fileVersion = "1.2.207"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60*60*1000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\error_transmitter.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2529), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2740
                                                                                                                                                                          Entropy (8bit):5.307372536970292
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:jURsQEqp22+r9sEDQgWenZsEXRiRmf3djAFzsEysEBQsEsFsEBMCnUGsEaffL/T8:vQnp2fxsrsnZsEAEf3d0FzsFsfsHFszw
                                                                                                                                                                          MD5:4ADEEACD0258D40755E5A022B33F7546
                                                                                                                                                                          SHA1:2A02C96A0887BF6D2D46DCE1F59C9A0E6A1093C4
                                                                                                                                                                          SHA-256:CDD72A97AEEFEB56A17CE7EC7994D94F2814920307C97945B35C01035BA38839
                                                                                                                                                                          SHA-512:FB8817E0BAC93E97E621BF6F8CBC0B8089D7FEEFEF3EAFE202935D9DC7412E0F61A83BCDB4F59BF5F1F689534924BACED815D9A54927937C5258290E6650A10A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var error_transmitter_fileVersion = "1.2.207"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\event_handler.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (6709), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6916
                                                                                                                                                                          Entropy (8bit):5.332785368649959
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Xb+vdzkDCDfgTg3ZyHORvgaF22TYlpt3NnhYqBU3YYXCf1S/:wkDgrouvgaF22TYlpdNnhVW3YK0w/
                                                                                                                                                                          MD5:5D3894984C361C0872B32692D17E4C9A
                                                                                                                                                                          SHA1:B877DE05F412254B3BCB20376A768E82B4AFB403
                                                                                                                                                                          SHA-256:2BA37D92C9482CCA05EEB44B7D88E95CB7B2D923C2149DEAEE6F052060CE1BD5
                                                                                                                                                                          SHA-512:FF6EF80108F614BE3F3B6BA49262B1571ECC760E6467ECB83D2E5D5A69DEFF146D65F960E0B2D78FD02560AF4ECE6576FCD5106572F9DFB044F329C325845CEC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var event_handler_fileVersion = "1.2.207"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)||("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)||("Analytics.AddRecord"==f)||("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\events.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):111041
                                                                                                                                                                          Entropy (8bit):3.9348502925966873
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:MfTdafTwJm8IKF7aSFjNEwH9H44dfgLLwSf4DAEqCLZ++ZY9cmQjqLqjVLBe+82Q:+GVnLw4Vlc41Semf5ZC
                                                                                                                                                                          MD5:88E1A666137E08C1DF1184311EE4EDC3
                                                                                                                                                                          SHA1:5EA47571ED9826D834414F4FD3859081781124CB
                                                                                                                                                                          SHA-256:A3CF45EF0EFDE76EE0EDC622E4A060F9AD89D253D2789980B42585C75E9319DC
                                                                                                                                                                          SHA-512:443A6BECC9D649B63ED9B7C291F6873161F6429029E7C18EA683FFEA49650161A911CFD7F791441C59FA6689FE9D8C3564259EF507EABD6F008968A0CC85E014
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "data": {.. "wa_advanced_protection_signals_impression": {.. "attributeRules": {.. "hit_action": {.. "meta": "screen_load",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "Analytics",.. "ruleName": "override".. },.. "hit_engagement_interactive": {.. "meta": true,.. "ruleName": "override".. },.. "hit_feature": {.. "meta": "TBD",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "success",.. "ruleName": "override".. },.. "hit_label_18": {.. "meta": "AdvancedProtectionSignals",.. "ruleName": "override".. },.. "hit_label_19": {.. "meta": "Impression",.. "ruleName": "override".. },.. "hit_label_20": {.. "meta": [.. "ch",.. "CH",.. "ff",.. "FF",.. "ed",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\hash128.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (4059), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4260
                                                                                                                                                                          Entropy (8bit):5.611688326739459
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:vhGfe5Z6TQ25OkR/ZCpMJFU7Rz94+IFpRREbgMG6hxOIq4sU/G/HIGIkUNjYbXO8:vI14icRpVIbRybgMGyxOIq4sU+/oGIkT
                                                                                                                                                                          MD5:7983FF75E04CC866E9C3736EC6CA6E38
                                                                                                                                                                          SHA1:84DFDEC6B1C7DA0766F55C9B19B0208FEDA82FC4
                                                                                                                                                                          SHA-256:FD0C12EE4B5A3C229876C78E882C9C22E110D63DE0BDE7AB6755599B6BB7213A
                                                                                                                                                                          SHA-512:FD15671001D00170D9A46B6400776EFDA9C2C3F852D2C8CFBB76194AB2215FC1F94956D6026CA58AFB209C79099B1508EE518D4CEA2192358F4CD3B1F02B34DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var hash128_fileVersion = "1.2.207"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\json2.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3618), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3817
                                                                                                                                                                          Entropy (8bit):5.530625915891614
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CbxjvqEYontqQYCNRqihKDMl1Q9/+slg60yvb0Pz/RlOZglybLnE3L:hEKTGzg2sWqz+lybLEb
                                                                                                                                                                          MD5:20F5C2032879B10E8B580C46AC1EF8CC
                                                                                                                                                                          SHA1:DBCF94C479FDB1A8EF68516985D5119DCA24ED30
                                                                                                                                                                          SHA-256:F2B3D3B14C5F9333FB239A13F7E67F01C9376A1590149C93D19F10859BF85029
                                                                                                                                                                          SHA-512:865280D030E7D106B40DF9302EF18449B2AD15585309884C4762233D32B08FBA5FB63415BB1F91BCD6CB23C64BAD7A2C3443806A884647E73A28892BB3656A6A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var JSON2_fileVersion = "1.2.207"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\logging.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3176), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3377
                                                                                                                                                                          Entropy (8bit):5.479273243699144
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:BXNGJtGJIGM+GtH5jnV+g2CdWVvDK1lEwJ2MPRp0WvmQ:SJEJTMpzYVrKwMPv0W5
                                                                                                                                                                          MD5:B555BD6163BDF924B6C1B5074C601639
                                                                                                                                                                          SHA1:6C8589BB8C6DD5E3DA3601BF0EE4145A82F3783E
                                                                                                                                                                          SHA-256:A92DAFE1710A0C98889B1424A772C4D629B8AC3E64718B712EEF9A9398EA7BF9
                                                                                                                                                                          SHA-512:BD0803FCF279DFC0A957CB62B77001301D9948058F2937E46812D30A3916DEF715B8C24BCA03443A89D1A9D123E0CB302719010F64D7911827AB6AB13A21486F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var logging_fileVersion = "1.2.207"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mappings.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2160), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2362
                                                                                                                                                                          Entropy (8bit):5.341126002451161
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ts7j7XL5Zqjbtkp2yI4XNJEE+yqAUfOh6A+33SRWVCYCZVpjCm:C/IkxXn1+yQOh6D33vCtVpmm
                                                                                                                                                                          MD5:201D239AC5641E21276B010729194627
                                                                                                                                                                          SHA1:BC28DE2C3B754F70E28AC6AC338B922A298C6355
                                                                                                                                                                          SHA-256:073705514949ECEFCF223B162CCDFB2F441B751D4F300E8C66CDDD97ECFA43FB
                                                                                                                                                                          SHA-512:DEB9B0F64A2C829933EFC574F3E89ED208D0A2764154F8B874FAF68C8C8128EE09C3F65810CC04149706730B7EBF289C00A66C5170B03A770613E0624B479A11
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var mappings_fileVersion = "1.2.207"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mcutil.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (1832), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2032
                                                                                                                                                                          Entropy (8bit):5.423277669449905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:+s9YBy8KJU9hYErsYvZ5YxHqbWbb//yb07jcFl4ADv8TuScS:+aY7MErvScaiNXScS
                                                                                                                                                                          MD5:3CBF8AFC920909380ACB992BDF3E512B
                                                                                                                                                                          SHA1:04671BE11FE13EA1F94720F6000E8BDA4EC85A17
                                                                                                                                                                          SHA-256:C7A25297A77FA791908A502D7E2C9947495FEE364F4D0B082C840B160E8DAA8E
                                                                                                                                                                          SHA-512:BFE85B6B8900C53AEF2E2DC43644CCDDA69363CDAAA8152DC43754BA27F3B5EAE647564EF65C46E9EF11D6DBCD217F82B9339FFADF95120F5732B9F168D0AF4A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var mcutil_fileVersion = "1.2.207"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\observation_analytics.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2017
                                                                                                                                                                          Entropy (8bit):5.26731779293553
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:nvCEumJTxfCViKARzApkiNOVBdDzdzHbp5db5GFDvVd9MGZdozuIdvm47q:nvVusTxfCViK0zJD5zHVjb5GFDvfb5IK
                                                                                                                                                                          MD5:ABBC3977ABF11A6939F540A6868D33C1
                                                                                                                                                                          SHA1:05369495EA24DFF62B8228AC6062C67161DCED7D
                                                                                                                                                                          SHA-256:5F866BB319EC2ED7439190ACCE6706C9B23A3BFDED5199A0E75A876A2A320D05
                                                                                                                                                                          SHA-512:6F504C616DFBD2B3C9C6B0593A34E7FAFE640DDF96C74FB0033DE8604F0970E3C4E6356D0CACB0EA2892BB4EBEE4373C51A7CB3D5AF2AEEEB6F8F1303CE5D842
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var observation_analytics_fileVersion = "1.2.207"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\operations.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (6532), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6736
                                                                                                                                                                          Entropy (8bit):5.338180967031238
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:1Ak6WqZs6S+qL5QaQlifjf9i/OCi8sdHvzqZ+SSf72NfoDc8H5sviXvn34Z:1EbS7yidGBdg4Z
                                                                                                                                                                          MD5:9EE3DA049A15DC1FED10A69374D29AA5
                                                                                                                                                                          SHA1:663BF2C28E76A62D7344C7BCE0E79CA981F6E37E
                                                                                                                                                                          SHA-256:626ED39BCBF1FD198FE95CFA0E41B3A4054E2012E9DB727ACFB98B621B3EBA3D
                                                                                                                                                                          SHA-512:25E75948D8FF66329D756E7F1A3CA326D1CDB674BBA7D9D986679BE877E07AAEC1A176FA7FB08A86B00C04FD98C8D523B7B6C5A1136C2E1EACAB6E58C6A33603
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var operations_fileVersion = "1.2.207"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\preprocessors.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (825), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1032
                                                                                                                                                                          Entropy (8bit):5.407206303181614
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nHaMLYQI/YCqYJIAb2sFsn5caYyb2srq7Y4cbfsk0RrnsEeEcEQ02ka+5X:9LVI/xqIXbTFsKrybTAncbfl0RrsnEQ0
                                                                                                                                                                          MD5:3A098C1847B809C74FA2F81A6EDB7A2A
                                                                                                                                                                          SHA1:44FE06FAFB93229C16B5AFCEA617A9FFD0FD7ED3
                                                                                                                                                                          SHA-256:50343A3BA19D3B1EA88CB25AFB793A6F3A9EF89F1536877FFAF63488B42171C1
                                                                                                                                                                          SHA-512:541DE8EAA210AFE0A8984BC4596BEE91676AA0266BA9C285B1F8206DD349F7E811C9A90B6C7813EE21C003B0859DD175BC7AFD4FA5791E70A5320A7C4C41E24A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var preprocessors_fileVersion = "1.2.207"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//2A8BA9A3CF28FE0B788EE8EE5EF460AE4C277718D31A3828255A026318A7D3CBC2DAE6A471F917D6459DA78B69D7D366DA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\profile.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5310
                                                                                                                                                                          Entropy (8bit):4.151562694252807
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Hm9y51drjiTX2/mIQft9y51drGhImxs9y51druhmmxD9y51drGhIme0mW9y51dro:Mf2/dGTYs62sBY0m821O62Rp
                                                                                                                                                                          MD5:77EC6811E64A2D1062B6D2B6E99FE511
                                                                                                                                                                          SHA1:AD89005E27D4AF9751C203D794E3BEE95857F834
                                                                                                                                                                          SHA-256:B54D150627770DB1B485F3B1C35D21A3B2680638146C435AA584B9375E223DCB
                                                                                                                                                                          SHA-512:509396EB87E906B49137C15FDC2A3BA2C01E47775684104734972ABFC26635A74715911BAD1E78AC358B6505724C683B63016ED960B1768E7F81AA5FE826572A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "version": "1.2.207",.. "data": {.. "profile_webadvisor_mosaic_100p": {.. "transport": "eh",.. "dictionary": "dictionary_wa_mosaic",.. "datasets": [.. "default",.. "wa".. ],.. "maxDimensionLength": 500000,.. "appid": "7b3ed1a8-7907-436a-ac6c-640bfd5db80c",.. "transport_config": {.. "apiVersion": "2014-01",.. "servicebusNamespace": "cu1pehnswebadvisor1",.. "eventHubPath": "new_wa",.. "sharedAccessKey": "IU1g+5XrDoldu/krnr8GDbVL/jHXoqZrH9alKG29J8Q=",.. "sharedAccessName": "new_wasend".. },.. "throttleRule": {.. "meta": 100,.. "ruleName": "dailyMax".. },.. "throttleMultiplier": 64.. },.. "profile_webadvisor_mosaic_kongapi_100p_qa": {.. "transport": "mosaic_api_v2",.. "dictionary": "dic

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\registry.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2785), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2987
                                                                                                                                                                          Entropy (8bit):5.391898752346337
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:kNToenoesA9R/io8udVQN7wfagenv7sboA+FNvf4uCmnWoGbA/WoGb5u4U74:gBVsuvsnvYc/UiWAWBun74
                                                                                                                                                                          MD5:C3DDA0578EB6C5E9E98822CFCDDD2F77
                                                                                                                                                                          SHA1:7465CABFCCEFCAFFAFF46748C4CE084479BECDDC
                                                                                                                                                                          SHA-256:42AA37BFA9397326FD2221029DB7F77555CFEFF9F3CE4220AADE522E22E93C71
                                                                                                                                                                          SHA-512:9175040B933F546B8F3C57CB38015C7E6A849C303FF9A76848AEF1DA2713F4CF49A3A77F11081154C6F6848CAC88CDAD380EB9391755426A691214BBA89F7E05
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var registry_fileVersion = "1.2.207"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rest_transport.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (6423), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6631
                                                                                                                                                                          Entropy (8bit):5.299670531341887
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:S8sCKa1ZC0CG20+M9wBFmGO1zadW9NvEPzs5C7c8a5dcQbefnLpNxZ:6B9PzpR
                                                                                                                                                                          MD5:F9918F7C56ADDF54DAC785161A448446
                                                                                                                                                                          SHA1:C35138433004A8DD0BE6AF271748B0348E653E44
                                                                                                                                                                          SHA-256:349E3AA4B233C2EDE4BB2ED593B6064D2EC432E8DEBDB43F99EA04ECD36ED0D5
                                                                                                                                                                          SHA-512:0CCDBA4EEBAB0FBDFDE7A36D4BA1244EDADC9E8E0971305FD9C78EB0580C70A98604E2503F03DEE753D876769DA13FE22D9B6D9232BDC1439D85252946156BCA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var rest_transport_fileVersion = "1.2.207"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rules.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3246), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3445
                                                                                                                                                                          Entropy (8bit):5.356749738549081
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:YM0Vnh1PJzvkXv3i/kYrAH6aEPhZf3a4BdaFBLYFpGbaaPYFpGbMmUpXjJbO8iRT:Hfpkq4qFypHrVdiSN5bYQhavJHsI
                                                                                                                                                                          MD5:03E1CF256ECCA67F71C03E80F523E1E1
                                                                                                                                                                          SHA1:E0E40A0C65C991D5F4D66E11709EBC6F0DE7527F
                                                                                                                                                                          SHA-256:FCD1D2A21372C716729057E3B1204844FAF21755EE524B5582AFB997DC775970
                                                                                                                                                                          SHA-512:82ADA970915808DCB2DC926C48F7D121D711969DB7512AC15CB8EA3388EBAB968E80B77E99F4C6AE13B5FDA31CAFA600CB69E8CA13459280E56B1099F413F589
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var rules_fileVersion = "1.2.207"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\sha256.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):37442
                                                                                                                                                                          Entropy (8bit):5.182461810815972
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:wNLZ52t2LQdhrnY09gCZHAtV9EhhfVroWqA2l:wv5KUQ809gwHAlybqAK
                                                                                                                                                                          MD5:F537624BEFCF3D5C8BFB1B6E6E080C27
                                                                                                                                                                          SHA1:A05D1F1713A801A078DE5466DC98B113DF3542BB
                                                                                                                                                                          SHA-256:61CF3782570531EA00959C733C001E41191143224E9AA1F05A2C6EA7F9B81987
                                                                                                                                                                          SHA-512:6EDE0C255EA1A720ACDCF227CBABC07798C1F8390C57A5F4EC18C48DB0EFE01E3051E102A563EE47D4E5F32E162872021075B5C83302248A1D69227592F54BA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var sha256_fileVersion = "1.2.207"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\subdb.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (663), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):862
                                                                                                                                                                          Entropy (8bit):5.490919968989528
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nYmaMV5IOd09ODopDwLgmjNnbijyUIihtUR:tV5iOD+ss4NbieDGte
                                                                                                                                                                          MD5:EB3E712B17A036B166AF5F45974C73E3
                                                                                                                                                                          SHA1:9679D85A870EDB37A79A4536A89387EA9DF9EF51
                                                                                                                                                                          SHA-256:FFACAF239D4EAEF3E1CA8715932988D76E5538699E424D37852FA7A18D4111AD
                                                                                                                                                                          SHA-512:90650A8A3064FFECDECF462AFC8EAE283D429C15860ED0AE20F15DDDEFD106BA2A207CAE64F5D92A51C863B9D34A0953C18891EC77A810E95775F0F65BBC22A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var subdb_fileVersion = "1.2.207"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//510B6CF2F4B5F5627F98E3A207501510DF1A543E23B23AA0DC6EC97FB2920BFB822A063BC45B3DC4140D6895D94C8C9BE91339ACA6CAAA2FDDD05F839AB76744++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transmitter_template.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3717), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3931
                                                                                                                                                                          Entropy (8bit):5.348065191482385
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:TDeOIhVr9zrhSLCxNBpyX0irau/9lRCHfYMSWmL8s:2OIBzrhscB80irj/9lwH+Is
                                                                                                                                                                          MD5:233219ECDC73DDB26CA928030F2F0088
                                                                                                                                                                          SHA1:9C4F96173A42196DE65E2C07CF80FC6170C93FC8
                                                                                                                                                                          SHA-256:F0919941ED5D166FB99A5CC6FD3992B6D0C6FDC88A605E0E421951F21ED05493
                                                                                                                                                                          SHA-512:751957404FF4782C18DEC26B2114CE9BB57F4D9F488312494A6E142FD867E14F780F9ECC3B63068BA83D04F5DEE118D60AFBB876736FC2FBBF9F7CDCFC033290
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transmitter_template_fileVersion = "1.2.207"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (7089), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7292
                                                                                                                                                                          Entropy (8bit):5.239946272970433
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:5NppM62N2XDFDHmoHKvxOjrfFQdRn2ESa/ecRWUIWqdGE1SbGvkrC:5NppT2N2XDFiRvxOjDFQdJ2ESa/ecRWb
                                                                                                                                                                          MD5:90D8B73452EADCAE0E19455654E53D4F
                                                                                                                                                                          SHA1:82D9645BF9AC62C85D67A6C9D5CBE00D7532DAB0
                                                                                                                                                                          SHA-256:E2FFD71E0AB4184DAF2331002977BD9348E889103100BE41340BFE972BFA28EA
                                                                                                                                                                          SHA-512:16C187C5260127D9DF8E8EF557EC9B2676CDC891BED80CED0F1448F94B16990098594A25EF8B6FE09D651338FED253FE11D1E119622774DEBC00CF5857BF8CD1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_fileVersion = "1.2.207"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ai.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2458), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2664
                                                                                                                                                                          Entropy (8bit):5.488185422412943
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:ktUciWIdy2hgcmGY2rVTOd6oNoP5vCuKKiWXUlK7oBCijzAq:dA2hqGY2rhOELKM0BCijsq
                                                                                                                                                                          MD5:049E091FD0F44EF44D0F8577E2145672
                                                                                                                                                                          SHA1:5956689F2AFEACC9A8D57B778353D457DD297695
                                                                                                                                                                          SHA-256:4860B53624E471C48DBC5028C24966FC506D98B36698B505824FCE6908225C8C
                                                                                                                                                                          SHA-512:BE2157468A141AA1ABBC3231200697F80C27CC7021AF3D15FAEC3C4D2CFEFD8460D7FD508EAC05206924982E814A5DA1C98E2B1A3A8E33546D860748A5193D62
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_ai_fileVersion = "1.2.207"; ..function CreateApplicationInsightsTransport(){function b(h){try{var j=/\d{4}-[01]\d-[0-3]\d\T[0-2]\d:[0-5]\d:[0-5]\dZ/;if(j.exec(h)){return h}var i=/\d{4}-[01]\d-[0-3]\d\ [0-2]\d:[0-5]\d:[0-5]\dZ/;if(!i.exec(h)){return null}var l=h.split(" ").join("T");return l}catch(k){logError("getValidIso: Exception caught: "+k.message)}return null}function c(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"EventData";case"screen":return"PageViewData"}return null}function f(i){var h={};try{for(var j in i){if(isNaN(i[j])){logWarning("getNumberValues: ignoring value at key: "+j+". With value: "+i[j])}else{try{h[j]=Number(i[j])}catch(k){logError("getNumberValues: Exception caught at key: "+j+". Exception: "+k.message)}}}}catch(k){logError("getNumberValues: Exception caught: "+k.message)}return h}function e(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"Event";case"screen":return"PageView"}return nu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_api_endpoint.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3250), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3466
                                                                                                                                                                          Entropy (8bit):5.326893850767579
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:IEi5lyUHvoZQLbMF1YfEj05DK+wlVE15DkAPAjh:IEi5ZwibMF1YfY05DK+wkzDkAPAjh
                                                                                                                                                                          MD5:3A09D3B85D33DC30FD553CFA10169A16
                                                                                                                                                                          SHA1:1EB6CA315E21A823E829D0BDFDD578D168E78817
                                                                                                                                                                          SHA-256:18589CC1AA6AAED8302A28E05B22BD8B68E991D04317AAD2527A0F5D2EB3CFD3
                                                                                                                                                                          SHA-512:6BB2A45DE0836C167B43E6EBA3A69BC4FB0393ADACAB92BEED76CB5018FBC7D706F759D1E5F19D05702B4A50451EF2218C237E4606AA32B17D11A2CAE71A235E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_api_endpoint_fileVersion = "1.2.207"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_aws_apigateway_v1.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (4753), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4974
                                                                                                                                                                          Entropy (8bit):5.40433259600301
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:gK44u2URXvoZjLFlE5WB1AwfitMQxHcdqbw:gK4LdwFFl2NwfitrxHcdqbw
                                                                                                                                                                          MD5:C84AE5F12BAE4A5B5901083E3B1AF7E4
                                                                                                                                                                          SHA1:E50A9FBC0F3A88D456809321694D7B42D328BD62
                                                                                                                                                                          SHA-256:5C470D788353E477219D77A29544D58890CED27CDF6B8683627CBDA9CD4D3521
                                                                                                                                                                          SHA-512:7D82FB71D1D8CB4E644186529D262FFE62A645EF6FE4EE33B0B3EFF01E21394A937C3642E21B03E6A293695C77AF4215F212B93E9771DDE2944E81ED11B49C78
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_aws_apigateway_v1_fileVersion = "1.2.207"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_da.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2581), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2787
                                                                                                                                                                          Entropy (8bit):5.394292692824491
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:k+KC4cETZD7ThSwsnoK2NkNCalAVKp9oH259ln2W8HsFAS0+NN70JxAesVuCdL0j:tUvhSwODAAce2OpNS+VfBs/ks
                                                                                                                                                                          MD5:7EDA555B9A0E1761B0E7B789E0E70C8B
                                                                                                                                                                          SHA1:7CAA2741F2ECB2F8DA06D52C527C45AECBB43DC3
                                                                                                                                                                          SHA-256:E9F667C71FDC49970382128856373841C7CB24C737D59FD4612986153EAA9D9A
                                                                                                                                                                          SHA-512:2C9A633E91E0D9209393419FF6C47D86C38D830BE63F48850CA955904B4C023735C5B3EFD43D8FE25152ADD0584FED801A34BE2CF685FBDF00459E64BC67AA6A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_da_fileVersion = "1.2.207"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_eng_observability.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3274), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3495
                                                                                                                                                                          Entropy (8bit):5.199517939540756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:JOXKiK/bXDX8cX0XkXRXUXL1XUXSwXUXNXWXBoX1b6iYikiXxxiEiQX4iw2XK/nF:JOXK9/bXDX8cX0XkXRXUXL1XUX5XUXNo
                                                                                                                                                                          MD5:257029E2FDA438BCDD5FBA8D84DA00DF
                                                                                                                                                                          SHA1:E6538A33232613B1F62064220139BD713679A99D
                                                                                                                                                                          SHA-256:FDDE7D299E825C5A43B95FC487A273FD073B7EBE8638D9109F3D8A10D95C146A
                                                                                                                                                                          SHA-512:15E34D922D863705A41B8929865F9232C22DD550465202D51800A92015F414AAA7B0DE4FF0C512F12EADDCD2E326EEC9EA4DB9791EA54705A79F51C4E7EE2F2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_eng_observability_fileVersion = "1.2.207"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_event_hub.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (7985), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8198
                                                                                                                                                                          Entropy (8bit):5.265738364412356
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:3ZONyk/DC0+p55U7voKLgIEpfEdvQKf3Jmn/i/6/lWqu/K/z1gdnxmVMdqAQ7FGv:3Zvk7uYwGOZIWEcQ5s0nx23VIHk4
                                                                                                                                                                          MD5:EB13ACF1CBE53258B4975A3A93B64593
                                                                                                                                                                          SHA1:3869F58347755A3BE0473B04BC0DF34CA864E82D
                                                                                                                                                                          SHA-256:7DB8C911B5E40C1D128909B5FEB8ACD249B7CB958D4A615A121413DF8B781C6B
                                                                                                                                                                          SHA-512:C200393EA9ABB67F16821552E84F9300010BF4092CF7B8C87DA57ACAB9C44FE041ED756659B58497474D162572FC43BCC17F6EBC842CF5734F7EA3B10C7088EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_event_hub_fileVersion = "1.2.207"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ga.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2200), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2406
                                                                                                                                                                          Entropy (8bit):5.484170892348279
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:kMoavQfNfXcBBCE+yR60SO4k2WMWsH6du4jTk7v9:3MXcgE+yWOd2WRsH6ZkZ
                                                                                                                                                                          MD5:9CDE7447BB10D521D0EEB8D8933A8A58
                                                                                                                                                                          SHA1:718E0E80C92E52EB73FC34CB078E795F94C7A2E0
                                                                                                                                                                          SHA-256:68D128F781F2C11A752BDA8CF4B667F4541406B558ADEA507E3E865960464C7A
                                                                                                                                                                          SHA-512:0CAE6268634CCCA394A48E2C92B39F330963911F2DFA93CB4CD9E2F9F13DCC61C514EBD1EC43827B5359042C21634691009D29B9A7DFBB30D16FE03D5F2F8EDF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_ga_fileVersion = "1.2.207"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_mosaic_api_v2.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (4495), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4712
                                                                                                                                                                          Entropy (8bit):5.252505075477052
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5itfQ5N+gtjbS6iYikiXx8iHi17iwyRAinJOdtUinPM8:58fQ5Ig5VikCuYq7HyRA0Jwtln
                                                                                                                                                                          MD5:3BFF1CE9338838EDAE8C0EB0311E3115
                                                                                                                                                                          SHA1:994089983AF9D7039D92CD3DFA2AA8158509AF33
                                                                                                                                                                          SHA-256:AB4D2C30F4D4A1D59F9EA4E600F9CC2C3ED87FC02CE5CBE1AB0ABE275DF05B67
                                                                                                                                                                          SHA-512:39D47E7EC4C7A60A9AE87C159065F2995BA7DE334FB4B3EAB69565EF419790B7DD9717297031B3F481E72E259D2500C98F7BC23D6836C3B79CFEA7F73F9BAFD8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_mosaic_api_v2_fileVersion = "1.2.207"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this._rtHeaders=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Trans

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_msgbus.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3000), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3210
                                                                                                                                                                          Entropy (8bit):5.2474011174074295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:kr7AiguxG0OAO/YxsMY7/KK3q/JepiZOViXNlJdZJz7ISjV:IANwGPAhxeP6xGSjddPzckV
                                                                                                                                                                          MD5:3CA8F099BCD6E03D1081FE224BBAFB0E
                                                                                                                                                                          SHA1:9703BE5C345AFD5B28863DFF4277D82C220643F5
                                                                                                                                                                          SHA-256:B679EAE6ABE3313283BED1DE35D22435F841E3C6DE823D186F318EC06D391CBD
                                                                                                                                                                          SHA-512:E41D9F67B49CD225741639614A4AA23DB29EF66FA2C0681124674746BE965BCC976FEFB53462D105D68E97F665C5227E2142FFDBD4A41876519D7F3E5E24EDEA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_msgbus_fileVersion = "1.2.207"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_template.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (1249), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1461
                                                                                                                                                                          Entropy (8bit):5.34278016822941
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nk/8aMm3IGAIOt/m/HYu2eRejjysUutC9zf/98L4oIiAIu7LQ/Ho7/Ts7f0gB:k/Sm3FAd/m/Hz2xLcT/696Dx7/mB
                                                                                                                                                                          MD5:AA705B06B1B20E35AEAF8B868C5F4128
                                                                                                                                                                          SHA1:3316B62A89EF479F16FE937C72C5E62317C23C27
                                                                                                                                                                          SHA-256:E8800992443E9F4D70590C7DFC9B2927DE5EA49EB6B761EAE3205E465E017D39
                                                                                                                                                                          SHA-512:EDB9F9C4BD7FB4B31A1415CD6D6286ACD78F81E9C3BCDCE2D6A7001D953D33C85985C59821EE9F8047DD134F74F7B351F31FD78C469E6AD12852678D793CDA38
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var transport_template_fileVersion = "1.2.207"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\uwp_storage.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (474), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):679
                                                                                                                                                                          Entropy (8bit):5.528651726553457
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:UqbdaN47iGreq8C5qlHz0TTqB7kh8hqzfAImT0mgqmOYBx/T/gAVOQWQ8Xz5fT:nbdauiGf88qlHQ/qIUIqqq9uJTFOQafT
                                                                                                                                                                          MD5:683F4A83D1B003A49578D9C111CAD65F
                                                                                                                                                                          SHA1:191149157678970687DB152E356185308F85B29E
                                                                                                                                                                          SHA-256:925244EF5AEF3318A21E93C4CE94BBA4092F875DB7F10BF703B407868B06AB18
                                                                                                                                                                          SHA-512:352B6292A0CC93408028107E889AA7C6FDC954C74A0C98AFB4FDD58EB66070C4BF475AAB7FFDAD06911BEB05D9D5F9F2B7D9EDF11493DC95316B2DA1AA835186
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var uwp_storage_fileVersion = "1.2.207"; ..var createUWPStorage=function(){var a={_content:{},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{if(!this._content){return null}return this._content[b]}catch(c){logError("uwp_storage:get: key("+b+"): "+c.message)}},getContent:function(){return this._content}};return a};ModuleManager.registerFactory("uwp_storage",createUWPStorage);..//9D8D5538830D5DDA530017E019CC1928F5F33E59A7F6257D35764CCC7A2613215B5A5874F10B8B9B3D6BF582F358A7C2A0271967C57AE30B52AEEFA0482D0B33++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wa_settingsdb.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (814), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1021
                                                                                                                                                                          Entropy (8bit):5.404669125329936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nxbaMFOX49BAsnzOURzngpy3WAsngFPSIO90doQUkQ0Ps8B2:xBFOSAZA3WAzSixdUI2
                                                                                                                                                                          MD5:AFD66758130673E67FD28B1198B8200B
                                                                                                                                                                          SHA1:1E2E680B1FDE12118C8B1EEF1C83ECFA306E18CB
                                                                                                                                                                          SHA-256:32FE98CB61D1A2E9524D2DDCCDB76D8629B70A3E3C0A9724D2F86ED7FC0023E4
                                                                                                                                                                          SHA-512:D0D1D8FA3A545BDB55E15DCBB34BE5F5AAC057157CE0DEAE7A10697792F0455D910EAEC265D9741D8EE6DF7E4798DBAF2F230C0223E04432F64AB40445FA58CC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var wa_settingsdb_fileVersion = "1.2.207"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//6D8DD7DDB36D91D32AAF8638B985F7ACF089948683CA6948892D84305AEDB7CACBE9573416041415E14F60F8EF13FA814BE9F7EAA489F

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wmi.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (7401), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7598
                                                                                                                                                                          Entropy (8bit):5.385271350984257
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:lt40Xb6wcFz1g8o3IE/ADvEWgj0xOsdmMcJS+c04IqIz65vSzCT0:lt48brys3IE4D8WqM0S+c04wzlzCQ
                                                                                                                                                                          MD5:704BDC280B4C8AAE827052FAC90172DD
                                                                                                                                                                          SHA1:609D04ECF1DDC83F55CB8EB7C2E98DEDECA126AF
                                                                                                                                                                          SHA-256:B667E7A4414310951EC845AD81CF4D90A22DB4FBECB5D5E05CF009F0D2078A09
                                                                                                                                                                          SHA-512:E9B066D0B89E8FE1749D3ADC15F9B0126A078514E07FBD23F92671AA91643A309006A6F6B5CF26791B4A2CC6AADCBE62528C09644F7F90160D150BD40590DE73
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! $FileVersion=1.2.207 */ var wmi_fileVersion = "1.2.207"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d||!h){return null}var g=this._getServer(h

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, many, 63363 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1503 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):76467
                                                                                                                                                                          Entropy (8bit):7.975020219369136
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:oHzKTWi0+jyw/hdhS16Sc8buLdkpxl6ZggPJhNK5NyuFfUl:oHzKTW1+7hwccu5kpxdAJhIRfK
                                                                                                                                                                          MD5:001AAB25A9ED3A8EE5C405901E6078F3
                                                                                                                                                                          SHA1:939596B653E3ED74A5B76506C62CD68FE5C9265F
                                                                                                                                                                          SHA-256:0210CFDDC082F6DFD9EEAD5D8FB64B5B6B70E8938246CFE8E530BC47C10E05A5
                                                                                                                                                                          SHA-512:702C8B0DE00675331DAF53075091A773BBC316AA9E4AB142C71640E508E08BCF98F9A828820AAF96ADAB4D133D5C65468E2294B4003F4D9942D43559DFEF5043
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MSCF............D...........,...................03............................{Y.. .aviary_client.js..8........{Y.. .common.js......?....{Y.. .config_manager.js......C....{Y.. .csp_client.js......Q....{Y.. .dataset.js.....]n....{Y.. .datasets_catalog.json.)....w....{Y.. .dataset_da.js..6........{Y.. .data_collector.js..H..>.....{Y.. .data_items.json.j+........{YZ. .dictionary.json.....W=....{Y.. .emitter.js..-...N....{Y.. .engine.js.....7{....{Y.. .error_transmitter.js..........{Ye. .events.json......7....{Y.. .event_handler.js......R....{Y.. .hash128.js.....Tc....{Y.. .json2.js.1...=r....{Y.. .logging.js.:...n.....{Y.. .mappings.js...........{Y.. .mcutil.js...........{Y.. .observation_analytics.js.P...y.....{Y.. .operations.js..........{Y.. .preprocessors.js..........{Yj. .profile.json...........{Y.. .registry.js.....:.....{Y.. .rest_transport.js.u...!.....{Y.. .rules.js.B.........{Y.. .sha256.js.^........{Y.. .subdb.js.[...6.....{Y.. .transmitter_template.js.|.........{Y.. .trans

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):656
                                                                                                                                                                          Entropy (8bit):5.259529720888838
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6csNwI62Td/sSEw+gwG8k47nC6VY16oBzkykHs/nIBiS5knn5k2:6clsh/qwzf8b7CwY16oBzkyb/dSennm2
                                                                                                                                                                          MD5:063B01ACFBC3E53986EE211B4E420E51
                                                                                                                                                                          SHA1:D482713530D7859CEE7FA935B56BA9A0BAFE65E4
                                                                                                                                                                          SHA-256:05B1E88EDB1E11DFEEF1F635C297D660B7A4019209AF233A39A4E7EEA754E083
                                                                                                                                                                          SHA-512:FF7D8505A4F5D37CF4D3D6EA86F64DE223AAA48B13414DB1934F29184FAF8CA84BB7F2BC4058FFF5C02CABEE2EF87553676FF0C0FE8FDEFC34B1DA4D61DDE985
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........4...6.......-...B...-.......X...-.......G...A...X...-.......X...-...9.......X...-...9.......G...A...L..........init.setmetatableR.......6.......B.......X...U.......X...+...L...9...X...+...L...._base.getmetatable........%4.......X...6.......B.......X.......+...X...6.......B.......X...6.......B...H...<...F...R...=...=...4...3...=...=...3...=...6...........B...2...L....setmetatable..is_a.init..__call.__index._base.pairs.table.function.typeB.......6...9.......X...6...4...=...6...3...=...K.....class.core._G...//F2B26E9DD241203C81C77BFECA6B630511697551E4152D1BF87BAD56E3CC9BD8698F46768662FB0027454CBEB274D612743D86C7F0BBB5EE6DAA8106C5A91BD5++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10234
                                                                                                                                                                          Entropy (8bit):5.605516703152428
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:jWXBkgh/3g7O7qaNfEyc80vDGwVd4Wog1DYEZpQ7+hC+Tf8IkZ0JGlG:ckgBGO7q8RcTvf7xNZUqmG
                                                                                                                                                                          MD5:E6C5467CF4387066DD18ED54A17D0FCA
                                                                                                                                                                          SHA1:EFE872AD5F4537B1439400E63B2E780F8C554251
                                                                                                                                                                          SHA-256:5C9465F5979C568525708D1EDC98E582B01AA4D6647261ED908CFEA4E518DAC6
                                                                                                                                                                          SHA-512:F44EA1E701DED4F22F6838CD288B414211D1E0CD8425F702F321CA14BB681BBD0937D3F1B5ED21F1939BF9D58E8494C7E1C1015ACB9F2F3D84E49D8AC119B4A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..>.......-...'...B...9.......X.......K........getmetatable.debug........'...L....null........5)...)...)...-.......B...H.......X...-.......B.......X...........X.......X...-.......B.......X...).......X...-.......B.......X...+...L.......X...........F...R...).......X.......X...........X...+...L...+.......J..........number.n..........w-...8.......X...L...-.......)...)...B.......X...).......X...).......X...).......X...)...............).......X.......X.>.).......X...).......X...).......X........... .......X.0.).......X...).......X...).......X...).......X........... ........... .......X...).......X...).......X...).......X...).......X...).......X........... ........... ........... .......X...'...L...*.......X...-...'.......D...X...*.......X.......-.......B...............-...'...........D...X...'...L...K............\u%.4x\u%.4x.\u%.4x.............................C.......-...........B.......X...-...............D...X...L...K...............A-.......'...-...B.......-.......'...B.......X.0.-.....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2315
                                                                                                                                                                          Entropy (8bit):5.736679766271146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:5JwHko/hrVeTYVJe7yAeeSiQRlVavdyJmlF6AjmjAHfs:UHkoucKOA7jQzRm36k6A/s
                                                                                                                                                                          MD5:23B615D0D66D1113EA7F2F8C640A5097
                                                                                                                                                                          SHA1:C20551AAD8F385C6251254866CD839E381FFCFF3
                                                                                                                                                                          SHA-256:A75781DA1A65843FDF2266DC6BCDF2F9C9D31CF8F4D20CF840F03D3ECD654DD8
                                                                                                                                                                          SHA-512:3DD24BD30237A157447FC71CB3BBA86F4A7D589704888367FB161FB0F1E49F0C7A4BAB454137DBD341E4ED95A1202701B90490168D7A97872DB85653D7F90392
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........]6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...9...8.......X...9...4...<...9...8...)...........X...U...8...9.......X...X.......X...5...=...=...8.......X...8...9.......X...6...9...........5...=...4...<...=...B...X...6...9...8...9.......B...K....handlers....order..handlers..insert.table.check_updater_flag.handler....handler..check_updater_flag..order._registry.handler must be a function.function handler id must be a string#handler order must be a number.number event type must be a string.string.type.assert.|.......6...6.......B.......X...+...X...+...'...B...9...+...<...K...._registry event type must be a string.string.type.assert........)6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...9...8.......X...K...9...8...)...........X...U...8...9...+...<.......X...K....handlers._registry handler id must be a string e

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2305
                                                                                                                                                                          Entropy (8bit):5.843848594991481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:DhmEnssOUb+Oi6ZNmMWpIJQtbNSE6N+iwgOLL2X7eKTGn8tAwlTzX:DUEssOUSOMtpIJQtbSEivXCKhtAGX
                                                                                                                                                                          MD5:3520FA72735133EAC7A2A4CF0EB8B928
                                                                                                                                                                          SHA1:B6AF95708C3C88296C3B83BE1FB254179ED94593
                                                                                                                                                                          SHA-256:13E62CF4BEE454DDAC70336AD8C28D063CF852DDB43E18912C954407797CF55E
                                                                                                                                                                          SHA-512:2640D6D81FA03703CABD082D7A38AA6D76D0758C82D41B0ED856FB94E66499A88629CB7F201E940076B3F4E4F23A2AF7695E2D7DA8D286A1AA66B4E4F52E3718
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........5...'...6.......B...X.......9...'...'...B.......9...'...........&...B...6...........B...E...R...K....require.Loading script: .info...luc.gsub.ipairs.mfw\core\.....dkjson.luc.handlers.luc.PostInit.luc.json.luc.PriorityQueue.luc.UiArbitratorHelper.luc.UiHandler.luc.UiThreadExitHandler.luc.utils\SettingsDB.luc.utils\StringUtils.luc.utils\PackageUtils.luc.utils\BrowserUtils.luc.utils\common_utils.luc...... ...6...9.......)...B.......X...6...9.......)...B.......X...+...X...+.......X.".....9...'...B.......X.......9...'...'...B.......9...'.......'.......&...B...6...6.......'.......'...&...B.......X.Z.....9.......B...X.U.....X.:.....9...'...'...B.......9...'...B...6.......9.......'.......'...&...+...B.......X.......9.......B...K...6.......9...........B...6...9...9.......9...........B...'.......'.......&...6.......9...B...'.......&...-...............B...X.......X.......X.......X.......9...'.......'.......&...B...-.......'.......&.......'.......&.......B...K......Found subdirectory

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):562
                                                                                                                                                                          Entropy (8bit):5.4883641051879914
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6uNkydLkg5M10kgPv7BkkFAtLvYUkjoU+TmUEf:6IoERB2tLHUGwf
                                                                                                                                                                          MD5:0C82522CAFF671B7C481F594411F2F08
                                                                                                                                                                          SHA1:3C6C1DC686DD524891079E382B4AEAE5974DBA9A
                                                                                                                                                                          SHA-256:5FA68D7AD18C33EEE4A71E838C7D951C2C2656D03F50ADDFC62291F11199A7A5
                                                                                                                                                                          SHA-512:CB2CF6834E66063CF34ACBFD534439996E5BF3235A36708E493105D4FA200E309733BF6F9DA55D8741F06BB1632584F947AB70344B49F8A91BCA81676879343C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........9...9.......)...+...B.......X...6...'.......9...)...).<.B...'.......'...'.......&...B...L.... pos: .',.), error: '.sub#Failed to decode json string (.error.decode._json3.......9...9.......5...D.......indent..encode._json.........6...9.......X...6...4...=...6...5...6...9.......X...6...'...B...=...3...=...3...=...=...K....encode..decode.._json....encode.._json..decode..core.dkjson.require.dkjsonTest.json.core._G...//5978B0CAF663886B7BA14FEFEF0D9A85B433B96C101A3A3F8D24D1927330B6E7FAB93BE793A42923F6DD3D8C6F65367041260F4FB3EBBAC7AC68A71D15BBBBC8++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):699
                                                                                                                                                                          Entropy (8bit):5.329885535844202
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6x5bYn4wF0WNYtAr78KQK78KTR78Ky78KSV+AQlm1ZMWOPGgMuM24An8bnNSKpdk:6u4wF0WNEUyg1qWOug82N8jAMAqTi
                                                                                                                                                                          MD5:5A0EF4664B797B6F7B6A26FE551B31CF
                                                                                                                                                                          SHA1:CABE08555ACBBEAB6C064A87C263A7E6A5CD5656
                                                                                                                                                                          SHA-256:4A51796B530FF23E6E7C2D986F17ABFF3B828E5F86F39EC4CC2B2CFCE0173B91
                                                                                                                                                                          SHA-512:C991F566D8C9F3D0C4361079FDDA85466EA74C5994529BA2A7EC46328C5CF9D3D3215EFD54D08CDD010B9F981C075A0D4F6F213C2A31011E4D8EE509BBD429BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........G.......X.......9...G...A.......6...9...)...B...6.......9.......9...9.......B...K....currentline.short_src.Log.utility.getinfo.debug.format........-...-...9.......G...A...K........Normal/.......-...-...9.......G...A...K........Warning-.......-...-...9.......G...A...K........Error0.......-...-...9.......G...A...K........Critical.........6...9.......X...6...4...=...5...3...6...5...3...=...3...=...3...=...3...=...=...2...K....critical..err..warn..info....warn..info..critical..err...log.....Warning...Error...Critical...Normal...Automation...core._G...//0966E7F515283E273ACBCACFD0DD1C5E7AAC6239BC7C2766795554C272176E3F5A9B7F182B12F84F7F48C27D689C7045313EB127DE417BD8AD4E22CAF5736F0A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):980
                                                                                                                                                                          Entropy (8bit):5.699909195659202
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6YDsnrMjnBNMVCXMgrmPJ4rAobrLQJxX+fThOhcqtflUDBs5:JuIjYVpgyhgbrLQTkEhcqZlsC5
                                                                                                                                                                          MD5:75D95D21674993A821F2D4FDF3871DA2
                                                                                                                                                                          SHA1:49736A6B2461EE9425FEC80F29FE81AA72C7DBE9
                                                                                                                                                                          SHA-256:8F9731CE44A2914F3F03AF3240DF4B4885309A98BBA53B4AFB5628FF8CD1A4C0
                                                                                                                                                                          SHA-512:A0B90BD93A3B43D55D6A702BF65E779DE86DF06ADCFC707E84614E74786113F0EB4A5AE0A4E842FD76707539551330D5673D2EA93F81468DBF1EDFA09FD69C71
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........96...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...)...9...........X...U...9...8...9.......X...X.......X...6...9...9.......5...=...=...=...B...K....callback.id....callback..id..order..insert.table.order._registry%Callback type must be a function.function!Callback ID must be a string.string$Callback order must be a number.number.type.assert..........6...9...B...X...6...9.......9...'...9...9...B...6...9...B.......X...6...9.......9...'.......B...E...R...K... Failed to run callback (%s).err.callback.pcall.id.order4Executing post-init callback. order: %d, id: %s.info.log.core._registry.ipairs.........6...9.......X...6...4...=...6...5...4...=...3...=...3...=...=...K....execute..register.._registry....register.._registry..execute..PostInit.core._G...//2CC7DF6538F086396E329725B3528D301943E946D4173342978FD1CDF61306157AC0B64DE87125C79877B3054BA56D61119326F5654ACA6D03C8BE5E8AB9D928++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1267
                                                                                                                                                                          Entropy (8bit):4.994679765460364
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6enUdjWd4nqwwDRmvA5bxMi0kdVxIXkfF32CG79lgxLEIeYlRl4R/Y8:znUd6UqwwdQA5bxMiNVjHyCdEI/mt/
                                                                                                                                                                          MD5:87A95CC6A3DDD7827E448B0A603C0693
                                                                                                                                                                          SHA1:E40A4AD03FA1EEE6AD5C2FD6E10855605B221CF7
                                                                                                                                                                          SHA-256:7F0FB6C90341D6FE50219A6557C22D89F4A08FF34AB07D026A4679B162518506
                                                                                                                                                                          SHA-512:418FFC2A26756D827977795D67011DC213EAD07E27ECB5E57F21186C612E4DE61D9A713E945E6C5A7F08A4ECE17E19447226AEC3DD1EA6975074DDF9F9A102CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........1-...9...B.......X...5...=...=.......-...........K...-...9.......X...5...-...=...=...=.......-...........K...-...9.......X...U...9...9.......X...X...9...X...5...9...=...=...=...=...-...........K.............next..value..priority..next....next..value..priority..value.priority....priority..value..Empty.k.......4...)...-.......X...U...5...9...=...9...=...<.......9...X...L......next.v.value.p....v..p..priority........."-...9...B.......X...K...-...-...+.......X...U...9.......X.......X...-...9...-...9.......X...9...=...-...........X.......+...9...X...K..........next.value.Empty._.......-...9...B.......X...+...L...-...-...9.......-...........9...L..........value.next.Empty.?.......-...9...B.......X...+...L...-...9...L........value.EmptyB.......-...9...B.......X...+...L...-...9...L........priority.Empty........-...L.....&.......-.......X...+...X...+...L...............4...+...)...3...=...3...=...3...=...3...=...3...=...3...=...3...=...3...=...2...L.....Empty..Size..TopPriority..Top

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):476
                                                                                                                                                                          Entropy (8bit):5.403433806188916
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6gQrQouWHpCJHMjvoQwqbADclzB8AUECTCixs5Qx:6NpCFgAD8KAULmiKC
                                                                                                                                                                          MD5:0C7192E01776384350DB9D8385F969AB
                                                                                                                                                                          SHA1:A28D8131B4E00DD60E9A990D15BBA0C132CE1079
                                                                                                                                                                          SHA-256:BC3DEF1232BAA5BB547545F2C25CF5BAD52B9B47F2FC36F8A8859A0E5D65D5E1
                                                                                                                                                                          SHA-512:B36B532E747D0C6F498D14F1EC35D312B60C0FA33FB023AC05C9FB31FC7D92228A20F5C257334633CD3CF109EAC651E2994CCD48389FBD7A347E2C57E33E8670
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package=.......6...9.......9...........B...K....execute.handlers.coren.......6...3...=...6...'...B...6...9...B...3...7...K....HandleTrigger..loadPackages.core.core.init..require._G...//A04AE81F1AC78C57BEA1A6292D4647852EB9EAD9E9E484675B31EF517125322F9FD381B5934C3BDA6BE4C7C5B3CFBA3D19B596C1283C0E6BB1C045EA98EA8C66++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3788
                                                                                                                                                                          Entropy (8bit):5.552469780564675
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cklXeOJw5g1AGiz8wE8xxveb8ZvRXfy9L7W:ckRhwGKd8wE8xxveb8jXfy9nW
                                                                                                                                                                          MD5:81E0A180BFD797E6BA36FEEA6C102413
                                                                                                                                                                          SHA1:08132153CCDC3FE8CDF6D68A1F395B55853018B7
                                                                                                                                                                          SHA-256:9A04D219A19827DB88BCF1E7EEF2DC33A860B11F8A61E202123ECBFBE9C8F52A
                                                                                                                                                                          SHA-512:16AF20AB11D021953505D614EFA33139173AF2119457C6198B582264041EF6F22F2E5A5EC9B0498CE841C7B3E5497690125F303DD2AE44C0DFA937B28DE5B8AD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..T.......-...8.......X...-...6...9...9...B...<...-...8...L......new.PriorityQueue.core........-...<...K.....T.......-...8.......X...-...6...9...9...B...<...-...8...L......new.PriorityQueue.core........-...<...K.............-...........-...L......0.......0...4.......4.......4.......K............B.......4...6.......B...H...8...9...B...<...F...R...L....Data.pairs........"3...7...5...-...=...-...=...6...-...B...=...6...-...B...=...6...9.......9.......5...B...6.......9.......B.......X...+...X...+...2...L............StoreArbitratorState.uimanager....indent..encode.json.core.ShowingUiRequests.PendingUiRequests.UiRequests.uiId....uiId..PendingUiRequests..ShowingUiRequests..UiRequests..DumpTableData...............4...6.......B...H...6...9...9...B...<...6.......B...H...8...9...6...9...B...6...9...B...A...F...R...F...R...L....v.p.tonumber.Push.new.PriorityQueue.core.pairs.........3...7...6...9.......9.......B...9.......9.......6...9...B.......6...9...B.......K............ShowingUiRequests.Pen

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1220
                                                                                                                                                                          Entropy (8bit):5.915091404145217
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6I0lBHW+Tks5h4uxHN2+PBh5DKScPDDQ5c4acKf38tRqV1Q0rOjsY4RKnaZcQ/c:Kzd7h4uqwRKScPDvMtYlrq4RKT
                                                                                                                                                                          MD5:8F145C904518DB1406476CA8FB237EA1
                                                                                                                                                                          SHA1:EB440C3301F48AC4BE22CFB7FB93EE0F9092CEA6
                                                                                                                                                                          SHA-256:C91BA1420D89C87F3EC1CE84D460D7F531FDD89A3BC1C30238A48F2D294FF1A8
                                                                                                                                                                          SHA-512:F1CB7AB8461603B983C3799A2F318C417369E6BDCDD0D950AFD3217244756982ED2DBC018909312EF1682AA1869A6B82184186859B090B3725063EDA35FC9E6B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........)...6...9...9...B...9...B...=...9...9...B...9.......5...=...=...B...6...9...9...B...'.......&...9.......B...+.......X.......X.......X.'.9.......X.$.6...9.......9.......B...6...9.......9.......B...6.......9...........B...7...6.......X.I.6...9.......9...'...9...&...B...9...............B...X.;.9.......X...9.......X...9...6...9...9.......9...9...9. .6.!.9.".B...A...+...9.#.....B...6...9.......9...'.$.9...&...B...X...9.%.....X...6...9.......9...'.&.9...&...B...9.'.............B...X...6...9.......9...'.(.9...&...B...9.#.....B...........J...6uihandler: no special options, removing request: .AddPending"uihandler: adding to pending .skipPending,uihandler: Added a delay timestamp for .RemoveRequest.time.os.setting_name.setting_scope.SetOption.SettingsDB.utils.delay_data.delay.AddShowing"uihandler: adding to showing .info.log.ret.Show.uimanager.encode.json.overrideSelfPriority.TopShowing._.Browser.EventData.tostring.templateArgs.config....config..templateArgs..AddRequest.UiType.UiTypeI

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1141
                                                                                                                                                                          Entropy (8bit):5.941607065548458
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6Bld27yrNDybt88WP3CvwgefKS6VlceP1Q3D2c0ebE0+pwp+vE94:UsQgu8QgWaZ1427ej+Gp+8C
                                                                                                                                                                          MD5:D892D62313540E1ED073B6BDF7121A80
                                                                                                                                                                          SHA1:1E0BB14013D49F68DFDB90D767E4AF1A2E59DAD3
                                                                                                                                                                          SHA-256:376C12DC224A6A2F70A6B64A8E0B8AB25FC9D78E8ABB48D3A0BC6371F52D0468
                                                                                                                                                                          SHA-512:93F95CCE8C380C40502FDD52A09179BE825D7AD7D466C951EB4465AF9457508374BDD15188B821E45A4312791CC378F6313BDEDFEFB551E4FF0CDDB81EC0E58B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........$.z6...9...9...B...9...9.......B.......X...6...9.......9...'...B...K...9...9.......X. .6...9.......9...'...6...9...9...B...&...B...6...6...9...9...'...6.......B...'...&...B...A.......X...6...9.......9...'.......B...9...9...9...B...6...9...9...9...B...'.......&...9...........B...9.......B...9.......B...).......X.+.9.......B...9.......B.......X.......X.!.9.......B...9.......B...6...9.......9...9...B...6...9.......9...9...B...6. .....9.!.........B...7.".6.".....X...9.#.............B...K....AddShowing.ret.Show.uimanager.templateArgs.encode.json.PopPending.TopPending.TopShowing.NumPending.RemoveRequest.RemoveShowing._.Browser.EventData.UiType.UiTypeInfo'Failed to run onExit callback (%s).).(.load.pcall.tostring6UiThreadExitHandler: requestData.config.onExit = .info.onExit.config,UiThreadExitHandler: requestData == nil.err.log.RequestData.ID.GetInstance.UiArbitratorHelper.core.....j.......3...6...9.......9...'...)...'.......B...K....Core_UiThreadExit.UiThreadExit.register.handlers

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3251
                                                                                                                                                                          Entropy (8bit):5.531580876024518
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:f/BP24m6A8F6JjKtwxzqE+zqlRwr6RwEJdrNLu1hrdOWsaBA:f/BP24mvzxSwxzKz0+KRd01hoKBA
                                                                                                                                                                          MD5:2B4A67342C584C9B9C3668896884DC03
                                                                                                                                                                          SHA1:B6663290BEC311FC9C584A23FE20DBDFC5B8B147
                                                                                                                                                                          SHA-256:3FCF58D474734E572E264F83281C7D315AD4246ACB60E316FFB385A6F0E038CA
                                                                                                                                                                          SHA-512:EF2D9ADAA6D480930A56ACC1E4F66FD45F988DB1CE96C1DE2676D9059F5CCAC7B8AE2A6455C698336DE773924A7019B2502753A1BBA46F5E8877DF82070DE0E3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..a.......6...9...9...9...........B.......X...+...X...+...L....GetBrowserStr.BrowserUtils.utils.coreI.......6...9...9...9...8...L....BrowserTypeString.BrowserUtils.utils.core.........6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...L.......'.......&...6.......9...............D....GetOption.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...L.......'.......&...6.......9...........D..."GetUserOptionWithSystemBackup.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core........"6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...6...9...9...9...9...J.......'.......&...6.......9...........D...,GetUserOptionAndErrCodeWithSystemBackup.settings._.Unknown.settings_error_codes.common_utils.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........6...9...9...9.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6002
                                                                                                                                                                          Entropy (8bit):5.582050221373269
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:zjx4bqxfcsUvEBsF5e8yQLv13RBgoNevPg/lsvebKlDPCeat:zjx4bqi80EcvpjNIPsCebKleek
                                                                                                                                                                          MD5:FF2C89AD86AA498588D50F222E1E1312
                                                                                                                                                                          SHA1:BF1DC6666EF3AB96A97A0829DB651BE64C1914E7
                                                                                                                                                                          SHA-256:52FC880CF8D169B38141A627982869348F9F17A138202B094F9AA9E1B502ABBD
                                                                                                                                                                          SHA-512:8134B235C9FCFE3171AAD7B6B5EA2050D030C3A1067F44D50EFF8FD20BCA5EF1787DEBBD6CFD4CFC897327AC41582CA90EB481AC5A4BF4CD96E0C35D805D2E55
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...9...'...'...)...*...B.......9...B.......X...'...L.......9...'...B.......X.......X...'...L...6.......D....tostring.NULL_AFFID_ERROR..affid.QueryValue.READ_ERROR.IsValid+SOFTWARE\McAfee\MSC\AppInfo\Substitute.HKLM.Registry.Win32.core................X...6...9...9...9...9.......X...6...9...9...9...9.......X...6...9...9...9...9.......X...+...X...+...L....WrongType.DoesNotExist.Success.settings_error_codes.common_utils.utils.core.........6...9...9...'...'...)...6...9...6...9...9...9...6...9...9...9...B...A.......9...D....IsValid.KEY_WOW64_64KEY.KEY_READ.RegistrySamConstants.bor.bit5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core........06.......B.......X.......9...B.......X...+...L...6.......9...)...)...B...A...6.......9...)...)...B...A...6.......9...)...)...B...A.......X.......X.......X...+...L...6...9...5...=...=...=...D....day.month.year....min...sec...hour...day..month..year..time.os.sub.tonumber.len.string.type.,.......6...9...!...-...#...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):867
                                                                                                                                                                          Entropy (8bit):5.420155880344147
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6DA+0TGrcQqcnEbbqTrc8u6BIuAfcnquJv:eJcQqcEfIcd6BIuAf/8v
                                                                                                                                                                          MD5:CDD29945D0C68EB61CEE10443472EEF1
                                                                                                                                                                          SHA1:823D487C44AE9B75A51BE9849380B42CBD621DDD
                                                                                                                                                                          SHA-256:1D2BFEC6357810B63C4D221C8542FDCE455FFC0686E9CFA695EDC631ED5B14DD
                                                                                                                                                                          SHA-512:E92E26B23DA060FB1134E80D71BE121BC4A93980E56E03E5F94A91859B98F8486E1DF57A64C087D254F44FDA24AF275B54E99C78B0FD26ACE5FC8D6D50159659
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...-...<...K.....%Package version must be a string"Package name must be a string.string.type.assertr.......6...6.......B.......X...+...X...+...'...B...-...8...L....."Package name must be a string.string.type.assert.........6...6.......B.......X...+...X...+...'...B...6.......9...B...'.......'...&...L....\.mfw\packages\.GetInstallPath.utility"Package name must be a string.string.type.assert........&6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...4...6...9...9...3...=...6...9...9...3...=...6...9...9...3...=...2...K.....GetPackagePath..GetPackageVersion..SetPackageVersion.PackageUtils.utils.core._G...//EEDA1B62B0BABFBD34F253DA79417CD49A955337F0D4AE061213855F9E674327B5D8C77004B5CCF9ACC3E8B7B81F5CE1C051B86BB6B7C527AF3492D462FD8B09++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):761
                                                                                                                                                                          Entropy (8bit):5.493514972861823
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:67gclf2Magc5B/oQjf8uSIcz5qqxDax0fh99ATjS8tX8PN71u+xMIf8wQjXeqqxs:6RpaZB4uSIc/O4Du+xCwUe9eP6i
                                                                                                                                                                          MD5:30C2FDDCAB3389AE2E04F14ECCFEFE7B
                                                                                                                                                                          SHA1:EF74BC536D9A56A5BC3BD6787B2C805ED62EFCD0
                                                                                                                                                                          SHA-256:54006C552A5789278084466B52904D12E7AF1C07422267E4FD8EC5C1BD9AC250
                                                                                                                                                                          SHA-512:F5889A0C7D9D48C79DDFED1E224B298B60C56EBB91D76EA74977C24EB9261D013E98DF1185EDF307018625248727BBA636CC0A1A63963006E42B0E72C3F3CAF4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..6.......6.......9...............D....GetOption.settings.........6.......9...............B.......X...6...9.......9...'...6...9...&...B...L....Name.elem.Failed to set option: .err.log.core.SetOption.settings.........6...9...B...X...6...9...9.......9...9...9...9...B...E...R...K....Value.Name.Context.SetOption.SettingsDB.utils.core.Settings.ipairs........)6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...6...9...9...3...=...6...9...9...3...=...3...6...9.......9...'...)...'.......B...K....Utils_SettingsUpdate.SETTINGS_UPDATE.register.handlers...SetOption..GetOption.SettingsDB.utils.core._G...//6BEA2EB0FFC1AEAD1F13002ED7939A51D869C6CEA7F2829DBC2904ECB1D774477B9D77FDB2FCDDEB8045986F792B45AE25E091A485D39495D98C89C1DFB2ADDA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):381
                                                                                                                                                                          Entropy (8bit):5.192806180869675
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6emuLqNlmHiRDPVj9fE+ATjS8JYcR7Qh9bFDVS62Zdu1t3wFPvdWQIn:67lmHiRDh99ATjS8atj5V3wdu1izPIn
                                                                                                                                                                          MD5:C7357C3ACFC7BF9BE6F1EE4DA1F9EED2
                                                                                                                                                                          SHA1:D2AD3BC41D5BCA5826BDB06BCAC064FF28179C62
                                                                                                                                                                          SHA-256:628F854469B54B3C88C1FB6035BB86270A92CF8D049889822CC316635CB20EE9
                                                                                                                                                                          SHA-512:9E102CD2206847C3E27E836EC9C38DBB6DE27547971391BB70983ADB19B078422F71FBAB065AD59631B53290D9AEEB254176344C2923FE5BFAE9A17F0D3B428B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..O.......6.......B...X.......9.......B.......X...L...E...R...+...L....find.ipairs.........6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...6...9...9...3...=...K.....MatchInPatternsArray.StringUtils.utils.core._G...//F62C77D6F474015EDABFF60D7E46FA815F06323665B7150C7866A0657CF815BB11A0199713AF92E27F2E3D614D3B44514A71F277956673F679985E61330FB7C1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30539
                                                                                                                                                                          Entropy (8bit):5.704642369166357
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:JX/CIGkba/ZqyBhyCTz5KamxnbxSHo44G29gJ6UOzC0Ob:Jfah5yAKaqboIrG29gJ6NzCt
                                                                                                                                                                          MD5:C4658946A09BD22D3E0E262A9EC1EBBF
                                                                                                                                                                          SHA1:2B45539B2F030D99689D7DCF839FE3C0B2A1072A
                                                                                                                                                                          SHA-256:02E3CBA1C4491E184C6583BD8C35263175AFD5A893EEBF11B3A2457A78BFF724
                                                                                                                                                                          SHA-512:CA76966A53D934121EC84FD6287C3CCC1825A42E59E5423C3F8094EE2C4E53DEC30B6113E183E12C56EC7C0A58F8213B588F565B0DE26381938A13D4FBBF9067
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..9...........X...6...9...9.......B...K....CloseHandle.C.ffi2.......=...6...9...9...3...B...K.....gc.ffi.handleV...........X...6...9...9...9.......B...K....DestroyEnvironmentBlock.userenv.Win32.core/.......=...6...9...9...3...B...K.....gc.ffi.env1.......6...9...9.......B...K....RegCloseKey.C.ffi........<....X...'.......X...).......X...6...9...9...9...6...9...9...............B...7...6.......X...+...=...2. .6...9...'...B...=...6...9...9...6...............9...B...6...9...9...9.......X...+...=...2...9...:...=...6...9...9...3...B...K...K...K.....gc.ERROR_SUCCESS.Win32ErrorConstants.RegOpenKeyExA.C.void*[1].new.ffi.hKey.rootKey.GetRootHKEYFromString.KEY_READ.RegistrySamConstants.Win32.core.(.......9.......X...+...X...+...L....hKey........n....9...B.......X...6...9.......9...'...B...6...9...'...B...6...9...'...B...6...9...9...9...,...........,...B...6...9...9...9.......X...6...9.......9...6...9...'...6...9...9.......B...A...A...4...)...:.......)...M.5.6...9...'...:.......B...6...9...'...:.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\reset_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2338
                                                                                                                                                                          Entropy (8bit):5.634661983308953
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:ulTdkjpbD/Lcww/IvvfpNC28F4dHX879pKo1koJyLzF30F0LAw0q4k9F:ubkFbDwRwvvfpp8F4dHXk9pKo1koJyLD
                                                                                                                                                                          MD5:0BB0A2B9A63053149EE717E7D88BAD5A
                                                                                                                                                                          SHA1:4BE9E7378E349862653D4C42BACADB756A685AAD
                                                                                                                                                                          SHA-256:143BC8CB43D56F6E6B38C680344E6F179C245FD99BDDF2BA1E61D701222F0D53
                                                                                                                                                                          SHA-512:4A64181FE8D9ECD71CDB98F9DEF6251A15FFCC8471C491802617CCCB54A6E329EF34794821861962BB666126B46EFD1508BE01E30E77D3107951F8A10BE793A9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........Z6...9.......9...'...B...+...9.......X...6...9.......9...'...B...K...6...9...9...9...9...8...6...-...B...X.6.6...9.......9...'...6...9...B...'...6...9...B...'...6...9...B...'...6...9...B...&...B...9.......X...9...'.......&...6...9.......9...'...6.......B...&...B...6.......9...9.......9...B...X...6.......9...9...9...9...B...E...R...6...9.......9...'...B...K......handle_reset_event: end.SetOption.settings/handle_reset_event: local setting name is ._.reset_value., reset_value = .add_browser_suffix., browser specific - .scope., scope .name.tostring+handle_reset_event: resetting setting .ipairs.BrowserTypeStringLow.BrowserUtils.utilsBhandle_reset_event: no browser field in event_data. returning.Browser.handle_reset_event: start.info.log.core......../4...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...3...6...9.......9...'...)...'.......B...2...K....reset_settings.event_on_reset_settings.reg

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow-right.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 54 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):509
                                                                                                                                                                          Entropy (8bit):7.265106458574301
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/76lJ/6Ts/4qfsK+Sz2D2cP03cbekp8LuwkWBjMAraM7P:9lJ/68fsPSyFP03gpLWqu7P
                                                                                                                                                                          MD5:B9239E137DA0942222FD6E7FBB95F084
                                                                                                                                                                          SHA1:4D8B1C9DA9E1A8772F5C6929A4337D5D9A659EF7
                                                                                                                                                                          SHA-256:FB3B5BE9639CDB51AEDA6F379B0E3D78E64035C53EBBD9D99D28E6913A6BB761
                                                                                                                                                                          SHA-512:02EEB55B6C2A00D6E638B57CF448A5110C40A0962D68121BB869C8CD82812AA50FCC882A0E3FCFBF9DA5047F15A2686176CCFA1F61044DD8BF7F0CC957A630BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...6.........c..+....pHYs.................sRGB.........gAMA......a.....IDATx....M.0......kzH..+d.6..$.0BF..e..!7. ......B...I..g....{.].b.D.K.....".e..."}k~..Sk.y.R...1.x.R....rcp9'.!.......n.&.<.zc.9..(..W..7..9.ZbX.d..e*.....n2v5i.x.!.8.0d....l.D..7N..q.D...N..q.D..T.X.....Ccq.ah......S..MS<..b...C.KI;h......a...k.%..`fx......{e&.r7.)...P$.T.Q(....(........h..P.G..Q(...(....i(....(....0....p....i....5`....p.c...5`......i^.e....dC!.0M.c.....^...4?..R...Kb_}nL...i.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):525
                                                                                                                                                                          Entropy (8bit):7.401937246200202
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7W7/6Ts/B2l3fqAXsMj1VswTbTfH9O95UzdOo9Fy2S97:F/6B3io1p79O/kdjHy2St
                                                                                                                                                                          MD5:CFD3007010FA11DFE25FA8D48E65E72A
                                                                                                                                                                          SHA1:9973303D168AECC57EF380EB705DB4B7C6055766
                                                                                                                                                                          SHA-256:8FFC2BAD58D0322050F9AF74D140A23A589AA6E0710D6E48285FCC123A80ACE4
                                                                                                                                                                          SHA-512:DA7514A4B7CCED85378E25B49742AB674937B7CE3AB714923D848CC1F3CE38CF6C11A0DEA8B97C2860B0BCFC770ED3CC39E74AA358A63BFE81E9DC47754DA60B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......6......<......pHYs.................sRGB.........gAMA......a.....IDATx...MJ.@..........EA\y....y........'..R.B=B.."dmM.L...$........4...$......I..........\ '.r;..~.o...zy(Ujq.vu.,.C.W.!t<......Q..h.....@C(.(x......#.P.>.......pD4..W>'.<...........#g..s..........r.c...p.7"&....k.._.os...SL.b......../8.......w..B.%.K4./......9.......&5'....x).}.........P...3Oo.^.........P-^..r...h.W.,.q...2.\..>.........}2M.G.t.3I.{... .....Cb.b8u.....1.:.S.p..N..c8u.....1.:.S...Di.(.."....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\card_bg_image.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 150 x 198, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13807
                                                                                                                                                                          Entropy (8bit):7.980033051105471
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:r82XmabuE9fiCT7j5ggQkSDKoEBF4mRzzJt:40XiClggenEBp
                                                                                                                                                                          MD5:A7522FA80144583C5F0E070F50E06C47
                                                                                                                                                                          SHA1:FF32E2DB5468B183DE1FC7A68D3F82BCAC033262
                                                                                                                                                                          SHA-256:AE9F79BE354331730247196BAF87001D48330E8452593952820AFEE0DCE5724D
                                                                                                                                                                          SHA-512:FB8E730EB796F051AB4E84A1277C2C6B53CC8DFCA96CAD8B3CCE4DB48675B3D7AE008F1A1B100D776E1BB9F040CE0DCEC020462F13C9CC42126F463F87CC0802
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............0.y.....pHYs.................sRGB.........gAMA......a...5.IDATx..}m.#7.% _..c........{....X."upp........Uf. ...J...._......p.y...?.v.........UA.....k.i..W.+...f.?..8h.F.C..:..z.=...\.)..P.+yW.....km8.O.N.;s..9Hs....x....ni.2b..1.....$:.V.c%.~...4Q.w....VuT<N..... .....^.....j."Q../#n'....K..d...h.c...tQ'....L.U6@^.K..g.. .....>1;.@..m./...<.0.......d..o.t#........!d0.^9..|..D..K..6..Z....<....N-...M....%....B04Rr.. H......u...f.........|\.q...r.'Vt.g...,...[.V.....t%..]..H...J .G:.....x.....).....,.K..)....jC..........d(.m7p*9L.Lr=.Dc.~..f}8.J.c8.`..`i.Q.'..S.......ZT^1..L{n.Qy.._.6..)hv./41!.i.7'}..F.L:. .... K._Ag.L%{..:/[n.P.I..g].D.80J,o....)g..~.z.P......y.\..K..7^+..d..]42..k...+=.>.......k[..(....E....Zk.;..q.xu..?.H.t.*.N|.....].u..B/.TJ.+.x'.I..$@.)8.7..R..:9.)y....x...e...;^eP....K...H.G...#.)..t.=..>0..........I...n..,K|)8.....o.?.n'.....h......u.s_..`:A.....R.7G.v..$'..9w5v ,..x...xL1>.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):312
                                                                                                                                                                          Entropy (8bit):6.773823438465042
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhP8AMx7/6TsR/Jr5OhJTtEEc+GbxMWMEHFGejHr5fDp:6v/7kAMx7/6Ts/Jr5GJxJFmxMQHFG8Ln
                                                                                                                                                                          MD5:539828AA00E3933554AD071A88D2620B
                                                                                                                                                                          SHA1:EAB3ED1CE4E11D3428840E48870BC138DAD58499
                                                                                                                                                                          SHA-256:CEB6F6C99816B65716862B6353DF4D4425D9E023A6BBEF7180E63954BAFED91B
                                                                                                                                                                          SHA-512:0982F97ADA2F432BFAA87AD0598F4CB5AE482A4E57D5CD81F4848B62A7C9783F988DCE1E8DCCDB2C7D0F16DEF28387BB702E91C33E65E6EECE365548201536D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............w&....pHYs.................sRGB.........gAMA......a.....IDATx.}....0....-.#...A..$.H&@....F.]..D6`.2B.T...d.X....>.g..)..\]h...ho.,.j....N.'p5.Jj.....0..Y.........<..1,.v.....Jj.wr...d0.....cz(..b......d...w.......eW...C'ah....0....`..3..b.)..R.#....3q........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 44 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1620
                                                                                                                                                                          Entropy (8bit):7.801361627421433
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:y/6nDZIGswiTaw1GdSET4w+r3RMMzXVetutVp6ipbIlSmdTKS:ySn+UP4wGMMzXVEut/6gElS+
                                                                                                                                                                          MD5:6432DED3B3287224306B81E0204B1515
                                                                                                                                                                          SHA1:4CED825AC86462D8004F80FEB0D771A8BAB89D0F
                                                                                                                                                                          SHA-256:41998FBE91B8B250B389D89D1AA80D5817E4F2D51CE929A7D89F37AE0093D8B5
                                                                                                                                                                          SHA-512:25AD6EA2105CDFE64D7153DCBC27F6EB64AD2565ABF378F6B8E0B7B8BDCADC8F370962B843714137720FC290CF41277ED612EB4660A209C67B1C7B44A4CAE486
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...,...0.....j.......pHYs.................sRGB.........gAMA......a.....IDATx..Ml.E....&.*M..qZ...R%..a.....VH......ZG...PW.=.!..*R..'.........:.R...I.TD,5j..`;..M.;...7..^..H.K....L~y~...1.}..c..}.f..6*.r..;..05sei-bw.....@..Q.\..<.X..........C...A!....m.!.<....=.y.h_<...D.\.A. .q.....oW5mcn.o$..{..]...^..q..p..4...O..5..D.(g.Cv-^.O....fLZ.6[...A.5.EN..............6(.<.~.d.a.Yt...nX5.-V].R....?......l...."...x..].......~..Qh^I....,....S...u.....b.4...Z.j\8......_........_.W..<^...e{..8.(I..r.PPa0...)<."h4....g.$..j(J.....-J.;x.+......6...V..V=sa.)..R:#.........[...^.>K.&..J.V.....=.ww...5[.L...&.".b.../..e..........iq...K.Y...K,d.'.,b..c....a.A.9Z.j.c.^X......]1.\{......y..C.O....8..px......(\L-f.=..0..x)....?......?.-..k.e\c3.7'.N"..'..]....9..K...5...95..k."<.....&.a.Z..w.>........Z....&_SL....B7..FD...0.)J.a.O7....*.Bd...oU+.|Z.di......^.@.s.TF....u9.+E.|f^.K....u..K..v..^....N.n`%Z..>ZYw=6v.g......Q..._l.gFS.Yl.O.1.~b.^...s..~d.I.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\edge_close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):249
                                                                                                                                                                          Entropy (8bit):6.533034399677308
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPZ2/6TsR/UxOffGpLpMvlvtJ/Iu2+jgDjp:6v/74/6Ts/1nGpLSvyuGZ
                                                                                                                                                                          MD5:2172007725790B2B7A52D88DF43625A2
                                                                                                                                                                          SHA1:56FD774395C97B8FBBF783A9BBEAF2D332252C4C
                                                                                                                                                                          SHA-256:7537D8C8ED8AA44DD86002D4B67E0E14033E2A55CCD174F71D4DC504EE2BA8B8
                                                                                                                                                                          SHA-512:23D3347A1944A66684C4B5E02DDDA1BD3C4B3AC43EE2E48E30010DF6C64C0F627D43B88D3F968BE499164B956A43C8EE439937B00E461643DB2287E4F96418E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a.....IDATx..T... ..L.U....QWq.......L$..%&F.;..h.H).2f...\k.e..W..#n..}...|....,...N...@.M......f.!q.@1!T\....).-rh..>...!\.....^.K.....7...q....$......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 190, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18923
                                                                                                                                                                          Entropy (8bit):7.9861701934335665
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:rRQZ43uKP67gxwrBM1vfj16druGvBBuf9aDGCdOGuQ0Xzu:lQ/KnnAJdy1aNdpuQ7
                                                                                                                                                                          MD5:414AABA2691D865AF446A88F56DB10BF
                                                                                                                                                                          SHA1:C7DE664C4AE999D4F31678C106C336A8AA12FEBE
                                                                                                                                                                          SHA-256:A7B0B6B5834C71BF51DEA60B92CDB84692D7082D219F2FD460DA8B06D761B088
                                                                                                                                                                          SHA-512:394AAFB7F371DF5A2456E4D1F478515099EA077E2EC3B3F749D1CF7E2EA1FF27BBF28DF369345D785A74D920A6829F2E11C27B380C94E175EA1221DF90638800
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a...I.IDATx..}..^Gqf.....i.dI^dI.....&..c..-,38.@&..`.!...pfB..L.,..@..$.93$.r.@0.Y..`..[.-.................."..x.....]]]..uuu..}.=..Ax..1...S.v.m.h>e<....9B]....y..h1+B...]OO#.Z<s..t..*....2.Z+..pBhF..`.J...1u....R..d.OQ+^..\...S.3..I..b....a....V2..%..G.L$..e0..d.'*(e*xA... ..k...:E.B.........h.).%].!..&.&...y...<.......R.....]....k..P...|.X.[KUZ+..@`....h..qJ.....(?...@...NF.u*..<......D.Q..OXn.2.^6.N...tQ.]<......}.7. ....~..!"....%-.....e9....sA/*'.5..D....]...r....i.TfQ.".).d....E.&@.x..l..'7..]......$....+..... .P..<....r..2.1..0.h......?... ....E.@..[.n..<..y#..,..Eg.$.2.F~.K-..^n.3..S..x./}YHD......8..FI.gB..l.5.,..lN..C...S...'F.P.....a..-.a.p..E'.I\y..5M.;..'.........+z$'..x.N$u.m.`.`...+aHY...yT...$...j...G....P...N.....&n.nA...*....5....Z.^(`..7P.|.@.:... .......P.).C...^...Nc...J.b.b.....z.<;Le.....).V=.0.2.0Z)...;...:?r.Z..&.Z.4&..:O....W..kh...u.k...+....,.k

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_wa.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21212
                                                                                                                                                                          Entropy (8bit):7.98325864342395
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:O2GbDyxp4nQlUyEOZgtE0QsuSBmaibS7oiFaRXrDaLr:9SDyL4nOT9imai+7qXin
                                                                                                                                                                          MD5:F1FBD29E2D0C3FAA510DA6A8397532DC
                                                                                                                                                                          SHA1:FF5237B7D22A08182534B9083ABEDC36C0D3E349
                                                                                                                                                                          SHA-256:7371BE7448704F7CFD6A8776482774791ECA122397006DC5841CE1D69436F065
                                                                                                                                                                          SHA-512:EE496EC6F940CCF236FE8F86B7BAC8A62698049F2F310103A6BC4DCFEC4D2B3244762B844231A0326DC42197E3C851A82BF1E9E5D87A26B8EE7C5F686E4A2AD4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............J.....pHYs.................sRGB.........gAMA......a...RqIDATx....&.q.........f03.\.....^0.r%..D....k.&W.k.%..*V.7.P...I.+.....r7(KdH..eY.LZ.@..M..A.$.......s..w.?...U......;f...3.............:...!c. ^....R..g\.ri.....X..%..h%.B.....N%.F<.....X.~..\.^j.s...... ....q.:..IY).:YM....xM...L.......O.a]j.y..^.D..H..$........D.L..^..4>....8O......#B.y.8Z|JF.W....I.I.oD...2O...!3..)G.a.....J.|.(YCB>.,..*...f 0.|Xj4t..{.....!iQ~ i{.(...':......<.:H3B...$KezBs#.i.gc. .A.=...A.rF....cP.~C.|..!"...%}>..2m.2.y.,....B...."0.<....]...r`R}..%Oe..W.5e.....(....O...(..M(AW8..T.<.@z.......A..B9.....w/.IMx&4....!..r*.0&..t...8oe.j8...".>{...8<m.R..(.].Ss...O..5.+yx.rC>..q.....|HD......8.XGI.g..r.F...<X..<.....BL..B...C.&....#O.C...NQ.h$<.{^deM...A.I.e.c..r....|$..Ny.F$....r..)....C.E.P.F..hL.|..F.+y.PzW.....I.<#.....[.!...DCGe.,,T........TU.7#....5..0.<`(..E.r<...*...j.4F..u......Z8.e...T....."h5C..!........j...#.Uy.dY..D....7I.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 133, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13412
                                                                                                                                                                          Entropy (8bit):7.975594232205093
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:w0HE4jJ0oyx9ehCCmVEKtChcK6pRhXUPFLe1iU:5P0o00Ej8cdnCluP
                                                                                                                                                                          MD5:12187FBB7EC8ADA4E6334B2297D78A6B
                                                                                                                                                                          SHA1:9155356FDC70C7BB4C60950ADC4EF55BEE023B6F
                                                                                                                                                                          SHA-256:05D775AC7CC5F970FA2A0DFF5A1F732B8DC43241F789242C17E39F4CF9AB39FC
                                                                                                                                                                          SHA-512:55920F35FDA8F19C2372439774DED2B8E7EC61360DB81C8DB78B2A2F75F9FD10556203067E129F4D52F3BD1C9DD2B28788A12853DA15EEC9C2C18086FD68CC0B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............r@....pHYs.................sRGB.........gAMA......a...3.IDATx..}....u........;......H..D..-n.DK".."Y...P.*.TRN....8..*;.Sv.E.n)v,Q.(J"...Iq_.. @.............g...x.p...L/.ow..}.v.<..s..DH-......>..E...}....Q$....+K.....n.%..+<.N>~\...7.}.S..oV[.rx.@<..>.....R.Gy../H.Y..4.g..PTD.Ne.:.t=J:.W)...G*_nN..(1...$\Iym0.2..By..G.4.._H..."$4N.........D.t..Dg..U\..'.....f.D..rEN.".8.A@....]......$,..xheH.)..S.N@j..........x.b...kT....#.`............^...J.......c.u:.(/..^.Z.+G./.........QR.:..*...H.6....ld\.%1../.{]P.........D&..S.P$...u...T.2@.$r....<.j...t.R...t...I."%.9..e..!H=......'.-....y`.5[...L.B..... QI....6....uX*..`..}\.Ga...5..4,...2..?.<.K.B,.0...._..............N[.+R.-..!mc.mA.N$r......Ny.MD.O.K.1.O....G.t}.L\P.g...F.f{..S.E...d0..)......R*.-.I2'..HN#...@0.f:.A..lm.R......?y...u.w..e.d6.)..'..w. ..EH..>c .($..V.$...g.R.1..Vf...a%.!O.&.l.x.q...............>......J..\....9+.||.%...d..1#...).,<p..../..X$cVX......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3166
                                                                                                                                                                          Entropy (8bit):7.890916051269147
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                          MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                          SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                          SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                          SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 28 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16099
                                                                                                                                                                          Entropy (8bit):2.1119107535632073
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:R/6qMh8k29WJsEv+jJ/Zf9lnkouuJvBLD1LpKLxN+Y9rNGcfNGvsc5jq7LcQEdBp:RSB8kEWmjtZCxNXrNGQNGvsc5sx0
                                                                                                                                                                          MD5:FE56C156669CA636CE71E5D23D9C685E
                                                                                                                                                                          SHA1:6EF641E2CEDB274F9CE2AA2037697372C49CCA25
                                                                                                                                                                          SHA-256:CD48CA4C27625C9286738652535097FCD7406C709371D85AD8297F8FEA19FF32
                                                                                                                                                                          SHA-512:B82ADD72111983CAB0DB650F3D12D11E3E2CCC9681DB18484F2219EC4A8AD7F4E5BFEDEFBEE4362CD7CA03A17A025EA1E54E566AD2C458C1221F6EADAD099D62
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............Q.1....pHYs...............<AiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-05-31T16:18:28-07:00</xmp:CreateDate>. <

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 541 x 82, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6612
                                                                                                                                                                          Entropy (8bit):7.943206975174219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:jSDZ/I09Da01l+gmkyTt6Hk8nTMVKh4rpfjDXliiulxWYwu4vw3eP29VIaUz:jSDS0tKg9E05TMq4Nf4QYw43v9V2
                                                                                                                                                                          MD5:13029396423BD78CCCBB0223EA143844
                                                                                                                                                                          SHA1:D23C69FE2AFA8469C06CD31FC8FF077B415EABC8
                                                                                                                                                                          SHA-256:9979AC854DABCBFFED54312E8EC33B5C0402E220E100E47F0A22852EC695F248
                                                                                                                                                                          SHA-512:32D34F2FF23DDF24D387D8A3B8A4B1D9258F525B785807466D9FD88A4097C288F0FC89E6B1C5A010F51E5C92F6941189404E194D9A3A85978F77418AA53AB85D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......R........ ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):93205
                                                                                                                                                                          Entropy (8bit):5.288138808574008
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTd4:fY8MaW2c+UELKUqnAdit
                                                                                                                                                                          MD5:15B82CF59C00E4671D2995CF6376F964
                                                                                                                                                                          SHA1:04B90ED14478B954002E1561AC3CE3063BE75BF2
                                                                                                                                                                          SHA-256:C2714DDC6328A8938937CEDB86849CE5B98575120E73041D8FE802324893F734
                                                                                                                                                                          SHA-512:B5CD7CAD33A92445750C5D5AEBB38B52BAC9B2F278FF103A9370809213D71ED39F995EF4810951DBA05040DC344B036FB0FCD68BECF0D0FEFA83B7B6A4B0336B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14533
                                                                                                                                                                          Entropy (8bit):7.978234763785096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:vbRTZyLGqlTGW2+6E7JfwA1fKUCYhVwKqpU:jRTZyKK6E7T1SUCYhVwA
                                                                                                                                                                          MD5:AD6E786595C48812BE2D9BC7FE5D1485
                                                                                                                                                                          SHA1:E98E3B2DFA4354754EC58188D88F6687DC239E22
                                                                                                                                                                          SHA-256:4715BA3F13FB3554D64542BA93605E87DDB8601301F2C15B9CD65B708FFFEE57
                                                                                                                                                                          SHA-512:2C0735D80841CEA8CE8F4816E9548B5A9474530781B1510A1FB72951EB36679B43F4ED86025CB9C5B8E2E81432B356D3466ED5FFE5A783773A77B142253BB0B6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............~B.u....pHYs.................sRGB.........gAMA......a...8ZIDATx..}y.^Gu...M.V..kiY.dk.!v,..bl.c...c.....@&..0......rfB.29.....5... $..c[F.dc.,.R.%..t.....^U.......^..}.~..u..{..u.V...S..r...c../Mu..n..Z.8..@.......b5..Q=/.O.\t....r.TS.|.1......... ....`.J.s....~....$+...U.V./O..kf..t.g.*...x....J2.i.y.G..#...d.Z.5.(......K...o..4n.W....#G.>.<....'_.!.].P.P..*.._..=.ya...o..`0q...zd..T..f...7TXci.d6....1....9......._.p..9.i0......*....:..%.D.Q)-...e.u3.y,..:...<.VW_g..].....o.U_.n\C..8.kI...l..ux.Y01....WJ.q.Q.I&....C...J )..T....<.....v..b.u0..qv[.s0An.;..tC...S:.:XzB_G]....O.tc..1C!.....Ly.I.a.~xts.A.%.{....4...ln.g.)..........=y..@...:..QQ.]i...0....p........5K.xxTE.:.}...q|...pq.SSSX...5.Wa...hin...)N.p..G]H..O..j.F+.<@..x......F.}.[.F...2-...%...=hmiv...$f..a.4bI+...C;.L.6.iM.....G.......DH.}QO....|.Y..|.i.Y.....x.......e..:.eZ:t..p&,U..KL...AM.iw..7...T....t..\oy..2%.!..!.p(V... ..X. V......).,.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 200 x 200
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61451
                                                                                                                                                                          Entropy (8bit):7.343059446968563
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:9fvs6a/gxRWNtTA4EOvbc51qb0zFy/Sc6mS8oyYVX3YeP8XFWZLNCih:9fkj8RWNtTA4EOzc3lBl58AdNCih
                                                                                                                                                                          MD5:CBE8A62A079FCC257A6334A506A865A1
                                                                                                                                                                          SHA1:B0135BD4B9A31BC7105111213C286FB3C06DEA7D
                                                                                                                                                                          SHA-256:3A0F2212D503E07BE1246CFEBBBDEB40B642A44B4A3DEB959DFF78063A9822E0
                                                                                                                                                                          SHA-512:C7AD87184B524C5908E9832675188DEC751484C849020031F91E5030AFA94AECEEB2DF3777657533947339A48A96A24C21D22D29C4A51C75BBF6000634993A05
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89a...........2/.50.4/.4/.4/.4/.4/.4/.4/.61.>9.E@.HC.HC.HC.HC.ID.ID.ID.LH.UP.[W.]X.]Y.]Y.]Y.]Y.]Y.b^.jf.nk.pl.pm.pm.pm.qn.qn.ro.ur.yv.~{..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,............[..H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h..x...W..[Un[.u..j...}.J.,.*..N.#f.x....B..RF...;..x...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):343
                                                                                                                                                                          Entropy (8bit):6.9403490183632535
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPUp/6TsR/N7FDkQp+Fj4zBeQzdHLqOkNTcvKMK5iloCQl53fHKxgjTfv6Rp:6v/7Q/6Ts/N7tWAHdETeKMKsoCc53v/+
                                                                                                                                                                          MD5:37F342F2D1658BF871B235B20CC254B5
                                                                                                                                                                          SHA1:137F20C7685717B19BB089041AA03FA001601D09
                                                                                                                                                                          SHA-256:432AF358A422B668D90A9B05D2329922BA20DE2E24F419232967601E7B8E77E7
                                                                                                                                                                          SHA-512:B20465A790529F063309426AB878CD67823EA40FC5B464C5ABE2DCD7A26721FB57D26BCFADDED47CE584E0F575CC0FF922C29DA2DF6B8A18AECD567B678B5DDB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a.....IDATx.....0..[....n...&8.n .8....t...6...;...[z..../5..g(9.B..5....5..7..K...fk.....D.......~.b..'Od.B_..%....P.T.(Y`......i!.....\...l.F$....l...=.ab}.;.f......N..Y.K...ffy.(.g.....,.<.M..2..Gdio?..A.W.~w.....5...:S...S....3.Z.......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 7 x 7, 8-bit colormap, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):535
                                                                                                                                                                          Entropy (8bit):6.070255751604191
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7nsXUyptiPCC0turztDt5q8j1Age/6TZ+RyxtWcHzSoLiKEMBLKBd:YynOf0tiztDt4yxe/6oE8cHzhmKEMBWn
                                                                                                                                                                          MD5:78118351597A04AE4CC8D899475BBA49
                                                                                                                                                                          SHA1:3EED037A8879EC6F84C2545CBC3D710494C2FF88
                                                                                                                                                                          SHA-256:D9059CE8A29D6CE4FB46BBC2292EFCA3478FB5D2DF106B33D4A37B50E41FEC39
                                                                                                                                                                          SHA-512:DB64A010162385441800F0CF0212C68791447EB5361793389BC632B7B14E15EEA3CE7DDA89987EBF7414334022FC64FBB1002816532EA106F0CD873D109A1081
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE[y.^y.^y.]y.`w.]y.g|.[x.ez.^y.To.\y.]x.]y.]y.Zx.\y.]y.^z.]y.]y.Hu.\y.]y.]x.]y.]y.]y.\x.]y.]y.]y.\y.]y.]y.]y.]y.]y.^z.]y.]y.]y.^z.]y...........,tRNS.............a}.C...l.3.>...=B. i.S.U-.`e<..*.>....bKGD,..q.....pHYs.................tIME......9.3.....@IDAT..c...g`..d.......``.....af`a...gcg`V.VTR.`PPQ.TSWe.........aa. .......%tEXtdate:create.2022-02-16T17:16:42+00:00.v\^...%tEXtdate:modify.2022-02-16T17:16:42+00:00.+......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mc-logo-tm-bottom.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 110 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1542
                                                                                                                                                                          Entropy (8bit):7.83009227115315
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:p/6xpdQeP1E+SD3r7bJsdU70sEDNdQ8Cxc:pSJ31UbLLDEMo
                                                                                                                                                                          MD5:66016348184FBD87A9732F55FF570A7E
                                                                                                                                                                          SHA1:DBF5CF9A220FFBA7513BB85A7008A292FCF2B8DF
                                                                                                                                                                          SHA-256:BA8A9DF4C31C08AD40EB4A81DEF7C41707350BCDD43718159884592E071446C2
                                                                                                                                                                          SHA-512:2939A8037E7824AB4603BF2C1C75A3F9A909C9CA559EF18EA535090C6D50EEF79AC3FF97D6FB52D3037481C94A488C217091EFDBDFB95B701AA4415F5FA92C72
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...n.........l..\....pHYs.................sRGB.........gAMA......a.....IDATx..YQr.H....@.........'.t..'0>@....'.>....=.....X.H.....U......A....._...M...._w.E.l.%.?..hC..MO.]A....Ctt4.]SI..>.m.....o.)/..)....t.L.Ng..A&"!"..5......Jl.-....[e......|.\.t'h4.!......+.s..R..A.r.~.^......--sH........]........8,.l..r.......B.."f9P..W..n}..=....{.1.@|...@..7N.r,.h...i{..'..I...x=.^..A...6q..~.E...g..=UT.....W..._KT*-......ND.....R~^'....j.2...!....B......w..=........8|(..u.r.E5.RF..r...L.d...Ow..S...M.2.....Dp...C.X.e~.....D..u.h...Y}.q.XI9EQ8..".#....'zsv.8........N..hV2.....e^.9UN&.V.X.3..I..F....)K............oLG...x.x..X.Kf...g..XV...G.+W....9..i].....B.K..1{.j.S..i...M..X....pl.....6..%;..mNG...K..C.8........Y.7...r.;0>P).:Z<c...9.....b8<.{d.:-.Pt.u..U....AZ...G..{.r..._.....M&m>....d.O)d{).A...Xr\...s.Ir..E..8...R..G......^...io.>...C..|lPc@.S.2Z.@.`.v....F.u.%r....F.sj...I\.paQ......|.;.c.i..)}.S4..K.DvQ.p...sfY..0*..v.M)w]..I;.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 87 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1559
                                                                                                                                                                          Entropy (8bit):7.837839289025892
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:s/6yUlzHLuHwW1nx0MX/pET0ltUxHPJH3jT2M0wlH2s3R3LqyT7UFStz:s/6yOLP6vX/w0YlPRT2M0wlHfLjYstz
                                                                                                                                                                          MD5:FA83BC8E14C9D2734DDBE84015E5BF3A
                                                                                                                                                                          SHA1:2A863213DC1905FE82EFE6B1A5C4A039A34569B7
                                                                                                                                                                          SHA-256:89F1D402046412A2921E41B0C4660DFCC9EE8C126EE8852CEE8B450038836B2F
                                                                                                                                                                          SHA-512:3EEF9CC44509E74A4147BE230A372FC5E29E7A8AC85BB08B03FC584D9AEDECDBCB609208BA8951802FC770F70CA570159AC693C8BDF3F1EA2EC9F1F160A694C2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...W..........]B.....pHYs.................sRGB.........gAMA......a.....IDATx..X.j.G.>g....Mb.J6.&..(O....^Y~..O.]...].-...V. .U..$?A..........hd...v...=.^....\...F.g..|..9g.?.]....;..}..eD'.V,.'&..(.......MO/..J........8.7.o.6..h..4Y...T'.....MO...1.,....I.....f..yqr.?.s..../e.lIeo.B...7.&....P.bSel".Y..y..a..:+@*>g....B.j.E.X....l..;t.h.A.vw..FhbHq.*Z.KH2WA.:H^...@...>.p...:{,...d.M..^.$......-M..Gp.S..).\.r.........#.Q...Z...1..g...(!...'.7_m.C.T:=....8.....R........%%..@...q...1....0.}.?....H......)..5Q..x........i.8.$...i84J...&.lr..).....U@..H..eaq,..k..P....h...b.Ur......-gN....7..OPd.=rt.)\E7.kC8#.IN..}.7ol.i..%...\.=......hMy...t..i.#.........$..r...n..2 %.zG.@.B[=...;.....K....<b.#C.B.B........K...^.B....!...V.mw.M...d...R+.\.......t.. ..i..13.b(}.!#..6.B..qH.cn....Z.....E#[%..........P.06....B...3......;ba!...-.w=!.\......w.....&.....T,.:...i...Q.k.~..w^..S.....'.P.<.G....G<14.`.p.D7..u...#.:e 7..L..9V....r*.\R..g...Ml0d.d.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-2024.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1434
                                                                                                                                                                          Entropy (8bit):7.812188474968883
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:gB/6FZKjUohZU/XCYVDr/K62aGThNbG+NetmhomQlgLCSX5wi:gB/62Y8qr/K621ThUWe0hongZpj
                                                                                                                                                                          MD5:C564D03DCC373E6C01F4A0C8AEBDB30E
                                                                                                                                                                          SHA1:0B8065753F23EC09CD5F4B0232631C687F4DFD27
                                                                                                                                                                          SHA-256:1C7DA56A2BDE70E1CB265DBB8E8B04AB02D88B62A9BBF056A35F788D8D875993
                                                                                                                                                                          SHA-512:04AFEFF007F2F5098B8B28D3B4DAAE07DA8467B3ACA73AA838AD5DC3EED2AF4088D48CB20B02213F948686A34EEB3A3C6EA5384FAD59E58B876E7F63ACFB5FAE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...Y.........0.r.....pHYs.................sRGB.........gAMA......a..../IDATx..X.q.:.^..rc.I...P..+0Y..+.]..."U`...U...Q.D....2V.Cx3g2..-.R MJ..39xgh...X|..aa1.v#At..F.r....1.......?O...^.z..]....F[.?..<......g......\*..H.......w.]..#.0.7q..V..fd..@g.B.K.<.I...@g....<.bg....?....B.K..MW..........[.n.Y.Z..;(>:....h7..?.v_.;x>8....u-.....(jR....^...p.....|g.#...v@{.G.....dzP.jZ..l...:ET.....FT.L....?.{...]..7......Z-........^.L+.9..K. '...........pT.....6).8.5;..?5mUu.....U.+s8...<...y~.~..(uAG...kT..d..t..!.b...7....].....N......C....I[2...Y...;.su..u..o.......N~Y.....>)V...)'u...f.'O...N...5..ez..$......:'..0..AG...q.\^...&..#7r..^....@...|.XS....#I.QwpT.......@...}..Q.{.no....v._..\[.#*.E.....[.~.6.]_....eD?/...........<.h.~#kh.P.+eHY.T.#p....'.`Z2Q.....|......l.(...Y....c>....j...&..i..E.A6...<.ZA.....n,../J.Z.p..'...:c....R_...e..~.t.~_.)..:Z...usTY....c..P.^.x......C.........X...W.H..y..)2.N...:Z..0ux.6........k@f...:u.....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 112 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1940
                                                                                                                                                                          Entropy (8bit):7.870572433344458
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:XC/6ajsovRkZHy/em1P2FGb2bQ3t/3NJ4BNofx6yRQG4R:SSagovk+emwqQYbJIo0yRYR
                                                                                                                                                                          MD5:2E6E7984268E9D344B13491198D160B0
                                                                                                                                                                          SHA1:E88EED75E8E8CA8A2458761B561927B6DABB8C00
                                                                                                                                                                          SHA-256:3EF3E4739C30F116531F7B40BD0E14D3A487C3F28C27B52C47EB04D8AB0B9C5F
                                                                                                                                                                          SHA-512:E60EE5CE3183AEE8C157CFD0922F9310103F0B291254897FE504AC0F10C440F3F7D3A32AED6383E8AD63D4414BD8E27A0C773929B63012D9CEB792445FE5EDC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...p..........M......pHYs.................sRGB.........gAMA......a....)IDATx..Y.n.G.>3.`T.\..6\d....d...O.y..U.6.5Hq..........^...^d..8i......~gw.....M....I.fg...3.9gFx.R[.5.:......t.J.<...2..V....mT:..N.v....]...,."../Ju..Q...v..k.....kB..$.<..s[.z...?.H.\L..E.bb..6.a2.._-.4{}W..M......._....e..W.q.!...!`H[x8....W.L.7dqD>....R..O.S).!...S.,pR.Pq.....wI.".d.M...bm.X\..y...f..:.`7{.e..*RH*.,.X.R...1.P.*...XD...2...]..{..S.S..V.5/.H*6.2eb..Xg.v....3...b..G.\5.|v;X.7.b..C.....R....LJ]..*...\..{..]:[....^../....Z..x2...M.]....jM..l.I....&4qF.bM.v:L.vE.'.Y.h0.."S...y93...W..;.........s......4C..H.t....n...((p.4k.5/.}V4..HF!8 a.k.........nr.r.j......CY.b.d.....H&.Y3f.$.4.J.Z....w{=6r..l.o.....V_>.?.'...x..b..zY..J....h...Ay/..s....o..*.I..c;s.\^..^4...U9...r$..\....l..m...1..6..q.........+.Y.V ;....|'.d...b.=..]....4Pj...BK..X..&..I......L_.m.`f..iQT... .....&.ou.0.'....c..;.=..t.c|f).....i01&R..7oZx..B.?.}....J3 .KTD..A!O<.....jJ..,cA.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 86 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2238
                                                                                                                                                                          Entropy (8bit):7.897965521812157
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:a/3bdLf7SAa7meAyze8p8XMnkL4NpP+Tl1TcVhCx4:qLddUJAyzVZnkLu6lF8hCx4
                                                                                                                                                                          MD5:2B2ED7BD7CD047459628DC4AE1728E85
                                                                                                                                                                          SHA1:F8F4933BEE5717D3CC67704F863896258EC023E1
                                                                                                                                                                          SHA-256:1DB0EC3C7FFD1C9DDEB5F0E4217C1EF38EB02700E4A7F3A557D1F052092D4E42
                                                                                                                                                                          SHA-512:B3CE912074BDE9758A93B18C6478AEB689A0AAEBC5F9D228A5C95F045C0BA24963FC7F32EC1E1BC93D50890132D3B1515247C9ED3DEFD99F517752A23BA7EAB5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...V.........G.[#....gAMA......a....uIDATX..X{p.W.....4,y.y.n..S..U.E.I`j....X..-.j..Gk.U..QFl-.p..V.Ne.hU..PBv.yF.....iI..I.$......../,.M........s..{..>vbAa...Tg.1....j-......R..M.?v..Vk..V..<.........y...t..%W|A.v..v..t:.......i........-.xud.!...\A.M.X.e...?0.7.w5..9......=1........~../#.wD(4.d./...-|..V...<f./l.Z..:..j].H.8..P...q....YZ....jsg-..I;'UqBJY....!.L..:......g.,.#W.4..y..f......=..<..B.......|..<..L.....G.uR.z.L..?L..H..al......W...4.3.......La..}.t_.".j.p.;.....'"..]yy5.... ......=.Q....QH.R...TU.I....f.......v{.V...?.{.......D,....}..b2..6.......^....nf""...\|.............w..J.i.W3!j....JCd...e[....$.U.F,OH.8....f.v.....z)z'.../...`8Pb....`xf.........^.7..`.K..}.c.S..7/z..Q..e.!9./..o..`.7.....v.$.'..X.v....v..".B._0Z.F..#......S]O..:.r.N.X..m...........Dx.....]....s"Bt.6.<..F.o+.z......B|..5DC..).,..y.0L.X.5$.Mh+.\].....Xq...~`..8..;YQ..t.{&....H.l.b..3..@(...#r..,......-...,..#..,......C7..6~.h

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 86 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1201
                                                                                                                                                                          Entropy (8bit):7.763272753991154
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:8B/659eWA6XuELEiVKshz96Ajxbd/ErBYPwxhYvjtcFpcG69X7VSkHVs6Lb:8B/63VXuELESZPxbSVYPwUvBcFpc1Dpb
                                                                                                                                                                          MD5:A624A806CD38AA64130A0C228271DE75
                                                                                                                                                                          SHA1:118201F6A512D67C5EE112CD0A0C4EBD5C66FAD5
                                                                                                                                                                          SHA-256:A6E96121FE3D151FAFF5B247F926F93D27790250F9E2A27BAAF841DF5D82B6E1
                                                                                                                                                                          SHA-512:D8C08C245A6F68FFC058D2571567034229EBB96A595B17469FC7B6E26F6BF47FDF34C2527B5800667790F88648CAE8C7F262677E53CCB713968A6C03B0D54FE8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...V..........W......pHYs.................sRGB.........gAMA......a....FIDATx..X.Q.J.n..b}["x"....dNr.."@....$"."...8.t.]>`G.2.n..w..t.j....v.@W.4......L.]..,......&.'TUGdL.|.r.....N@.XJ'.BL).&(........A...L. ...,...d|...`0,...8T...EQl.PU?.A...!..aZCL.w....^.....v ...xUuI,3.1......s.1....g.uj.#Z..A.Q...^.9ww).....Jz.....-..d....k...C.m.=3(....rc.'.avwKM.u!........%.._..;4,X.}vbh.r..s.W.4..o.3*.n.B...i{_..Z...7..}e.Q.\n.j2j}.T@"O....Z.B.....b/..l.[.....G..3d...&....AS.UG5..Q..)e..<.5....|...O....g..b#..Mb.B.s.t.........R..;.1o..`..[.a.,d`E.....9.oT.........9..}....Y....Vf. i.3.. .....]..&.)...S8..u.(u0.N|.....+.(........:.0.m<p(.[...X.P....`Hu....!..c...).Bw..|.F<".7..;..........fT.......|..P.........|..-l.E.Y....E....L....e........V.W.]....~\...j.a..8...G4J..uC....(.....W6.....\..FDk..1...n.. Z...:....C;.F...jvbp.).....n...r...w<.j.Z....Q..|...u....8e.(.M.,B...E'&1............._`..../....6'...VU.....amZ....E..;...Y....S..(..B.m..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2052
                                                                                                                                                                          Entropy (8bit):7.890065571351557
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                          MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                          SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                          SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                          SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7205
                                                                                                                                                                          Entropy (8bit):7.9471260512499375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                          MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                          SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                          SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                          SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):285478
                                                                                                                                                                          Entropy (8bit):2.4849077310090886
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:gtOQaZJ9Lhsvel7gsxdrTr8M4JnGirZTiAF9EOoRoQoPEgyY7oooxro:SOQaZJsvel7gaWNVx4AF9EOg5O7BAro
                                                                                                                                                                          MD5:F7D9142AC3C0C7228507E927D05F9727
                                                                                                                                                                          SHA1:7B8C9829534DF5B2BAAC806141F72B0AFDCB03A3
                                                                                                                                                                          SHA-256:F91461D2F81839CB58DA4A9FACA47C51352558BB636C522F9272519F7D910E61
                                                                                                                                                                          SHA-512:5C53D7B6496CFC4A855A7CA9F95D2F127139CCB812610F74790867F056EC48A4F3A6F2CB95574FCF0AE027B9B3497F0D80B1FF235828EA66C92D18603081E725
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:............ .h...F... .... .........00.... ..%..V......... .( ...:..(....... ..... ....................................................B......t...t:...........................................V..............u...t...t...tN..t........................j......................u...u...u...u...t...t`..t....................................h..tp..t...u...u...u...u...t............................T..............t...t^..t...u...u...t...................................................t...t...u...t.......................................................t...u...t.......................................................t...u...t.......................................................t...u...t...................................."..t...............t...u...t............................2..........t...t...t*......t...u...t.......................................u...u...t...t...t...u...t.......................................t...u...u...u...u...u...t................................z......t...t...t...u...u...u...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):195
                                                                                                                                                                          Entropy (8bit):6.068066723651005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:yionv//thPlJlawvlkV42/uDlhlp8Lts7CX9/Bxdzo1i9MsN2ocx1PmnCCj1vkxz:6v/lhP70wS7/6TsR/Dvo1oiPOnuMwkup
                                                                                                                                                                          MD5:DC1EB36132B94A110553E31FB69B06C3
                                                                                                                                                                          SHA1:B5E281F185E2A7159B4E1EE74C27FA31E00EDA03
                                                                                                                                                                          SHA-256:237B2E4C1D42366B7EC89852F5C43C7D12C961D2A8990A87FE5CAC827C6C2FC2
                                                                                                                                                                          SHA-512:3E51E41E82D903AC06A911CEB70861F49F682E6F22AB6EE07DE8FE4B351CF255F9D95FAAE7282C516C9226E56C6B7C8DF87135F0E7AC699F7179B4D176234E29
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............;.J....pHYs.................sRGB.........gAMA......a....XIDATx.....0.......A..9.....Y. .Kr..T..[W|@.]C>.q...bE.I.s..........TL*..V,.E.q......X......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):334740
                                                                                                                                                                          Entropy (8bit):5.49770045405099
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:vYW4/fFn7A4xnC0IzntmbG8B7doDbtYdLVYRWns6yC:vJCffC0Izntm6S7QbKDYInKC
                                                                                                                                                                          MD5:83923FAC3D4E58231B7527BDFACA2794
                                                                                                                                                                          SHA1:492C8D0F08203EB28A2999895B1B5994F51F630B
                                                                                                                                                                          SHA-256:B6E7BDFA89B2445E120C0583BF97EFA915DFD43BB02CB129C2D9267AAF3BA618
                                                                                                                                                                          SHA-512:A8A5B976417B19313C2939BD2BAFD9FB918A1F413713259C120A296BEA00B49D36CFFA1DE25A9C58D2987007FC9BBD4AE8D198C7D37448080C8E34D8EEDEFE54
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:............ .h............. ......... .... .........00.... ..%......@@.... .(B...D..``.... ............... .(............. .(R...#........ ......u..(....... ..... ........................................../C..0D.*@T7,AS..$-../<......................................-@......:Ri5Qk.=Yq.<Vm.:RgS5K^.(9F.3HZ......................-?.Gu..!<UT&D`.>]x.Ig..Jh..If..Gc|.C^u.>Wmd:Pd.;Rf..........#3.0Pn."=U@)Gc.,Li.Cb}.Rq..Rp..Qo..Rq..Qo..Kg..@YoeD^u.........%@X.$?V$2Oj./Nk.-Nk.Ji..i...j...e...^}..Xw..Om..B\rqHd}....._|..:Zx.Cc._Qs..Gg..1Qn.Uv..p...q...r...q...n...d..._{..........^...]~.,\...[~..^...Qq..Wu..n...v...x...v...t...o...j...m..v]...Yz.'\~..a...d...b...?O..&*..1;..CU..Vo..h...r...o...f...c..;d...Yz..^...f...g...GX..%%........R...P...i.."w.+;{.:Wx.Pr..i...`...Z|.D`...b...:Sr.,1..--..."a...0...1...D...x...j..,R.Op..^..Fd...a...f...<Yu..2Y./2..01...!U...4...7...:...~...w.Jh..a...`...\~.89Zz.:Z{.9Zy.9R.../..-....'...$....z...Q......!}.Vw..`...c...b...;\}.;\}#;\z.9O..#$..$$..&&..&'........s...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 189, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20549
                                                                                                                                                                          Entropy (8bit):7.986108821429097
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ekwMaIBryFTsB7sckuOrzdqL+0ZgDdNiC+Pjo0eiTGhXDEi0t+XKWDt:TwMaINyFQhLRizdy+06DOLjBemmzEFWh
                                                                                                                                                                          MD5:0050197C4E3C6801D783762609EF6226
                                                                                                                                                                          SHA1:5B1E4016652C53EE3729D3125EB3F231DD69A206
                                                                                                                                                                          SHA-256:F42ECF07D3EAD5B48C1125B19F101FA4B3C6271F4FB43196876003615C31F31C
                                                                                                                                                                          SHA-512:B527E6A611394798E8467D797251A094FD9E06686CFDD95C40545697E79308246C51C007D9EBCF8B6A5B56BF810A851A10DAED9AE1DE9995B757558DFDCE0F73
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............)......pHYs.................sRGB.........gAMA......a...O.IDATx..k.e.u.......0......`.....H..IP$ER.c1J"G.Rq.J?.r.........B....-+....T"..-3$%.,.!>.........<f...}..{...k.^.....pa.u..w?V...z....q?z...5m .D{..K.....hC..c.|\F]V..]u...O_.nK..*..N%~V.#oW..........5....".....D}.%_.....MHS}..._/.G......Z).c..J....>..zsz.6..z...*...^[...Xy.h...l2..IT...\..R=.}..0.P].8.N..6..V.i.|...O.ur.|..u=.....2.x..>...K...>.....GP.<.3...6.R..78..G)..x........6(. .3...Q......r.^.....x.......q..@...]/~......F.v.W...IJ.3}......n>....l.-_I.0.;u..j.B=.9.y.?.d.].lB.C.....xQ(..2..dr..'C...B.]._.(e.k..O....9..2..p...=...y2.".V..&.lk..P=.x..K....J4..%1R...&:.%ax........B.k.q)....p..$...B+..:Y.s|.B,hR...j.K......-...G.1....-x.(G..1....+5..?..#.......P_.....$/.>.e..l..c...... ......@.p...Z`I...5R..BV.8c.L#.\.... %..B....)AS.,.>..296...B...y.l.b.r0.O.D0...^e.iDL.5Xyb.RPf...a...MTL.4.x.t....\uf2).J.6@r.../....$gQ.X.r0hvrV.|J.%...d+..#o..._.....G..a....+,v@

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_1.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):942
                                                                                                                                                                          Entropy (8bit):7.531868737958494
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:9s/6Hwf01d5/znYDjqWy8Yi5x7fzO/eoTMO/0T3hQ:9s/6Hw81fzYHqWyyDzD2h
                                                                                                                                                                          MD5:50A8EBBBE54E38389C31C82D126B414D
                                                                                                                                                                          SHA1:C93D3B7CB702DE03C6AB2C8CF7C6520F45613FCE
                                                                                                                                                                          SHA-256:B5750D21ABAD17B37896862D5B6598FABEEC4B45EB1C327ECFE4056CC2E890D0
                                                                                                                                                                          SHA-512:E67712C56B2B5465BF9481DEFB814A98439EA9656A6F65A0F6A7355D30979C65093FA5325751F5753EC615E8EDD7BA604B9E3E7A5BD46F95179C6DA56012002A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....CIDATx...MN.@.......7.9A.B.r........i.u.m@..r..P.mo..u....]...:...i>....q.?..q...../D.........}...V...bzA".z....ZH.$...z................$^.HVi.Po.@......<.q+.N.>..o3...u;..:;zO.%.<..l.a..2.....$"A...Jd$..7....d.r....(RO..5.s.w....%d;.CCp...=.Z.<8~u...w.p.H.DN.............+..(."..W.t....$.;......pE6......Z.id`...Ob..O...C.yP..M.6o.......p.P..PB%..f........'...WT......%Jd...6...F....V(>N>#...P.....Y..Dw....&.Q._SN...G..?.../L.l.!Y?....:......d.g.]......c.8.O.l.B.1....Q.{,......|.=..,...-$..&L.6.~zL9m.>.F...(.0Y....$....!.M....A.uk.....X.....<..P..d..^...e.....Ku......#..8..<...%....\).(......F...eubo....<..........]..,..p.<.ZV....w.amk.V...%PT.Ff.<?9.2T.'.S..Z...$..!4.....t.g......"t....<@.....?I3`.\......p........?Hgj..>.?.....TQ.........<<.r.9...!..L..P....b).Q.......B.......f..#<a.\.X....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                          Entropy (8bit):7.559903053416362
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:9s/6BsT2qpwH99jdztSFrR1SZ5id3SBMKSb6b0oqqR:9s/6BsOjxQFr88SBTBYoq+
                                                                                                                                                                          MD5:1380B82254D9056AE17D2C9C333BCD5B
                                                                                                                                                                          SHA1:FD419D0EDF583E313F7F7F1BE565E7EB3F2519B8
                                                                                                                                                                          SHA-256:FEECF9909347B956549A39AB182F367F78E9C1306CA2DA146638CBDD3BFBA285
                                                                                                                                                                          SHA-512:9FC77FA74EA43F15ECC787FBC6299492196E8218FFCA1A6A4D750EBAF2A588FC14399D498FAD9B1DE5A3E0A316F3DD57350A1B2B0D67309CCA699BC96ACE89F5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....=IDATx...AN.@...7v.`...NP..h...z..9.,.v.d...J..$..n{...knP.........M...#.......v....L./".....X..^\n.f......kQ..7....=S......Z.%.#@..'.<.-@...WE......x.:..$#...W..A...v..z.G8.U..Xs.p....<.N.y.+@vG...T..0`...........~.....;c...{..P.......!5..x...J..DoN..!@........]n.Uj.....]{.5cd...V.n....r.E.3.~x17.. ....C<..;]..43...h.1.g.<x..=4l.Kk..........O.......Q....<K.W.T...S].......`..eDo.U....y(%NZ......J<\S.`...<....0..$.R$...J.8.....Q3/..,@....~U>d.@G.j0.\%.0vvy...5..|.>.@....]...........<.....z3l.<$.!.!..@E..P`...]_U$#....\.zSp..c...B+..B..l.ly.....(7......os.Y..u%..!5..Z.$....M.E..~.J@.A...I.AgC.z..g.?c.O.sh:....fQ.yh..h]..#..3 ........;..x..L.......9...wS.{2.M.N.5.&.y...y...-.{..._4..'%o]U........~.F.....|..@@.....3.........M.=7..yA/......<.N^y...8.F*........3.9../Zt..cA...<........V..c.iK4....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_3.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):664
                                                                                                                                                                          Entropy (8bit):7.3611901561562005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/705s/6Ts/vZBGTY1vFn4D3brB0lG92JFFC/aE8Eq3b8jd7sNksCjz:9s/6EZBGV0A8A08WNksCn
                                                                                                                                                                          MD5:FF3D7C0157D5D1D9A28E91FB2A0E6662
                                                                                                                                                                          SHA1:F6B73B87D42B63F7BAA5A6CDE25961B6314CA913
                                                                                                                                                                          SHA-256:D55C2405879639524333F7262828C370B5331C8A39BE070CCDB888BFB4F715B5
                                                                                                                                                                          SHA-512:698830E86647EBA52042F0CCADA114B64C4462DDA153B563662AC6E91AE502A275B498649E3154C7A90CE1BE883C29DDC9AB8445F580562741A2E1C8DD4B309C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....-IDATx...1R.Q.....Ha...x.z.3....0..h%....T...!.0v..b...VO@G.$.w.d_.. .Vg7.O..,..;....E.....U.......=....l#9U.....).e...^_.........hs.)..$[.rqr.!.....B......i.X.}...S.d........D...........{pr...P...x.{.2.6O.v.i.<......P@.......%8... Y.L?..Pz..x.{....t.|.!.+...Pb..xE... ..V .YC@......C......wgnC...'..v....; ........"....,..X...(Ym....B.X....d?......w.j.T..f/,..^.uT.c.A.(..=8..E.5].e.\yY...........!.@_.sM'm...P@.........F....NtOflC....+.....~.?.z.|......O.....P!..x.{........$W....`4i../..../T.K..{.B.h[nZ_.-!6..Igk...l}.X...x......w..F6y....5....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 100 x 100
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15416
                                                                                                                                                                          Entropy (8bit):7.756586242434715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:eK1L3Lk1UyxwO8tIZrkr+8t4vR8O8t4vWn2x8t4yLO8iDd3TCqM1oOiOvL:P1nkKO8+pT8amO8aenQ8auO8iDd3TVMD
                                                                                                                                                                          MD5:365D3E659634DF5D5289F14E1855E714
                                                                                                                                                                          SHA1:51010713312E23DD9ECBCA17A57FE944A678576F
                                                                                                                                                                          SHA-256:651598C518BC9F405F1DBDBACF89343D87B70DD2DFF93A01FD20F96C524E78CF
                                                                                                                                                                          SHA-512:2243FEFAC77C3CDC1CAA5E17BB01057A6A343D1852B58B48F7F34610814CE8BFDD47E9E2D3D3D12C8ABA543786E1CEF8E22E42D6159F222F49534C03845F4D06
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89ad.d..?....)))............................................www...................eee...XXX.............................................DDD....................................................!..NETSCAPE2.0.....!.....?.,....d.d......pH,...r.l:..tJ.Z..v..:Y..x<..(.....r..@{...DL8...=..t[.....6JzhaG5#.....W....kI...E......V........C8...&.U....z.B,..$.T67..;H..?*.)>.T....F....T<.'.F!....G.J...G.F...K.t8..9J"..............c.....x.8..!Z..CV.r.CI..),........t.H...?x.....%L."..0..J.$.2E.7.&5Q.H".qS..1<{.4.a..aD0.h...:#Ls..8..X.G......F..j....E..g...0...!g....a...E..@...\h...em..=...x1..\.By.z,....X... ....U3Y.+D....+...y..H..<9.!....Ac.=lw..?.E@......h\[....c...q..Dpx..M...=..^.;...J...K....P.@......s......)Q...!@T..........Hr..w].0B..|P..,l..mK08....G...`...8.`....w....u..6.v.."LHD...1..C..X.l...T....'.GD.#d.I..*...l........h..X.".)....W..T.d...0...uc.Tn..BV.@.w...b%.e..v^T.U.).h...f.....8..........'&..X&......P.bC...`...$.f:.zi..&.,......B[.V...l.l........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_ext_on_guide.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 176 x 134, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15075
                                                                                                                                                                          Entropy (8bit):7.979399641440617
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:B80mK0kjvC93yIZ97t991dRVGJyjz4poyVIor28Z2ci:TmRkjkRr7z9lwJyOoyVIuy
                                                                                                                                                                          MD5:2B183B9A55E2A55A566E6DF71751FBE8
                                                                                                                                                                          SHA1:F5EDBACF9DEF16D0DF52888EA7C398BF51601AD9
                                                                                                                                                                          SHA-256:6965355533AA0487DAC22F5D44CBD72BCA2C2ED2A75558DE725CCF5B8D1156D1
                                                                                                                                                                          SHA-512:47FB4AE6DCE69854D78190797DA2536C21C04E34F47CC4CADDF4746CA6B86EC522A6ABD2BCB01D2EF26E378513AB49E97AD470EB2503B345A15A80475768DC86
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............}.......pHYs.................sRGB.........gAMA......a...:xIDATx..}i.].u..o..`..X.....I.+H.H*.Hj1Iy..E......e;q.8.r*..8.b.J.J~D.....r..Zh.2m.&ER....H,\.....`......>.t.}o@,#.g.......>}.t...s/.N..!c...sY..EgR.s..-^.#JK.3!s..Rt6."...zn:...f6%..:6.....g.jU=Z../. 0..,...L.."..K.W..9..:.|...j3.&.........Q....^<g3$.i.<..S..`.Z..?VA(..*-...__.0R.9..|..`$......$.5).T.....7.l ..>.i.x...|t...wMx.w:]..@:i(Hw...N[.l.K...4...8]...7..Ho/..@....T..x.o'.+.....Q|..2....&..u....P.......uC;......,..kh..mHDI......l.....^..C.OH...Hh.$..ei.C..3d...U...S\..V:.t..qH.d...2..A.&X...._\.P?/.......C} ...M.e3..3B >..v..0.._@R.4&.GB.(.<.%....P.y...I.'.T.].%..4..4....ZW.<. g.......H..H.........(...k$o...]...9.d..]7bna.....0= }=....4..NQ..$2../...y....XS.^..l...O.].:.)...E.iKH..S.....%...&"5.4..@M".N...X.(~-g......&..l.......Q[.....*.3.....M.....h.Q..r...0..G.M%.Z._...S.4F...x%4CLJ.d.y.........).V.(.<t.a.J..&=hSi..'.Q.d.l[.).. G:M...)N....l............

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_off.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 41 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):617
                                                                                                                                                                          Entropy (8bit):7.439754348378905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7T2/6Ts/V3SPmQjbXnqipYBFQAztUBU7oMDyREhY15wNpwtgLulRlO7:k2/65XjbXnQkAOm7oxkYqWiLGO7
                                                                                                                                                                          MD5:EB828ABEE8EA1DEE90FE34A41FD2970B
                                                                                                                                                                          SHA1:9F2C18E1765BB8953F9521FAB6446F730BD9B56D
                                                                                                                                                                          SHA-256:9CA1BDAD0200BA81AFC1DEB29782AFEB29D2E519AD267DB90D115BD6136952F1
                                                                                                                                                                          SHA-512:E0F40F67C78BF8DC3BE4CDAE824BC9E453977D79713FEC704F25567AC1E23A407C542D9D7B8F6AA9ED9811F829984DD6724784B82F1E658D8B7A4D635E3D3E1C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...).................pHYs.................sRGB.........gAMA......a.....IDATx..Mj.@.._...FA.n....Kw.@....A....jO.z.TO...Bp#M..B6....#cj4..K.0..|$..y.....i.P(t...j...... .:..B.P.5@p74....=....C..;..-.(..........%0.J.%......f3......a8..)..k.*.GvD$..Y.!..{...v:.[8...U:zG..0....r9..b4.A...NX...BZ...d.YH$....,.\..g..."V..G.....d`.\..0..I..6&.I.J8...?...%.L..~.p....AZ....4..t..0.L........}A..Q(..^.w...6R`..'1M../.@.$M.`..u...u...[...n..H..8b.T..^a{h7[..A......&..x@...M.Q....n.A..[...CZ.._..-. ......(JyK..PG.S.I(.)<`.~.I`V......l...O..7.e!..?*..+|<.~.x"oh_..y..{.....M4n......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_on.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 41 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):675
                                                                                                                                                                          Entropy (8bit):7.562211970325794
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7T2/6Ts/bVSd/4kRfv0fBejGezIcHU1xJe4p9HU1VtRPmmgWonwKvSa+BEMR/:k2/6uk/5vu1xJH30rL6vnzvSa+l7
                                                                                                                                                                          MD5:D227EFCE741CD468570862CBA8A7E594
                                                                                                                                                                          SHA1:BEE60BB46694FBD91CEF1588C8EF22EFBB35A725
                                                                                                                                                                          SHA-256:F18F4F91B5C4A6A6C1BF94B84329F7473DD9DB3E3507DCFC5BEE49034DB95FD9
                                                                                                                                                                          SHA-512:56E060EB9A6F81BB2662DC6F31364C18B72B4255460F03BC5F8C39EAB29F4EA7CDFDBD082C5AAAFE4A0AC2C8A5C70E0190D536C84960754DEEB487EC81EA51DA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...).................pHYs.................sRGB.........gAMA......a....8IDATx..MOSA...3.XI(i.+>"...F..\ado....d#...].Z........H..1*.@.!.+L.V....L..-..v1...igz2....w..@...x.....z..5:`.....U.W.}..5...^?Oh..B#.#F.I..jY.....,.....F.n.......l.D1.~..-..v2f.2..!....OX..G-Q#i.X.$,.h......c. r..M.}.]V..iB.. 9=....!../..U;.8........Tf.-..5.....>.6;..=:.q..J;..,1.Y{...}+3.z.A..........+.LRtU...S..V.".2...)....<,q .B..m...4h......z.p..".._......d^..:,R;..Q..HM)7...YX ..`|.s..1....Sj.R..Vn....a....F.f..Q.....s,V...w....Qn<.%Z.M|..0...+D..V./7.Z.C....r..}..L.$.B. AmrP..O.....H.r..G6C.&...<..[.....u}.....z....".v.hZ....;..........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_1_3.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3245
                                                                                                                                                                          Entropy (8bit):7.9134385325834735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5Sxtw6uF4h1IoiShJRcX3/okKqShNmdXXs8oG0S6Fc:5S3w6X+0XZcsFNS6Fc
                                                                                                                                                                          MD5:42B15F32E9F2B2FE7874BC8B5CEC3FD9
                                                                                                                                                                          SHA1:0095AEB7A50DAD717D5C831DA04FB692ADCED9F9
                                                                                                                                                                          SHA-256:0AA2F6F56226AA14901D0FC02DCC9FE7B45A86F49725C1B638252F90117181B5
                                                                                                                                                                          SHA-512:2113BDE6D0E5F0D96F55C1DC07A1351A697B0C1193FDCA41C5E452DFAE38B96E53D717C74A840793E53696D0C3503D8693B403639C30D56955B47DA0787C7866
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a....BIDATx..._l.G......;.v.Z.%.I.(U+..mihCs..@....T...P....."......H..!!.#Q.}JC.<..VT....RKJsvZ..N.R......;g..8N......}$.......o~;.3..B.!..B.!..B.!..B...YQ>;.\.S$..g.3Q.r,...F..Kf/..h.@O$.-R.$$.>..>...e....{.).q...D.-.5...0.Z.R{.a`......$\.rV.FLS.....%6.. B..|v2eD.G...M.V.r`2-Lq.0..m. .B....DOK..#..k.....)N..]C....k>;......).N.G.BV..K..t.T.T.t..BuZ+...Y=...c..V.....0).......8s..41..@-.P..7D.&X...s~..Gw.c..5..cA.......~..}hx,#.9...H_.k>{..<r.Q...Z><......h.1....X/..k..{Q'.>T.R....')T..T.8o.VS,..@R.....0.uPs..SS......E......Y........;_?5.i.g_}.....>.z.U.*.L.^.g..A.C.9.[...\$..>.`Y....!..j76?.....#.^.F.....h.U?%.....{.<...>*.3W.Eu.X..'P'u.T.^2:T..@l......hR.TU*..._.y1.:.[...w.K...U..q.k.k.|../..y.uR...BU..........1%..L.G..%X.L.q...TCu.....kU..0....L|J..........?.x..X-.......Gx...._..B.'.-..l.. .z...~3.f.V.>E_.^.=shk.k.^.@....[.y.(.dU.k.Rajm-......Tk.H.d....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4647
                                                                                                                                                                          Entropy (8bit):7.934941782690532
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5SrHsLRJGNY3SJ7+U/I+TWVdFP8FFYTq3+Nas4YCiuSuWozqB1phz:5SrHaZ3k+UDiV7P8FFY6o4S/oO1x
                                                                                                                                                                          MD5:06438B94B66EEB804C86F363C62BFBC6
                                                                                                                                                                          SHA1:CF3D09AC9D952D6FF0A85D0AC9BEEBDA22CE0EDA
                                                                                                                                                                          SHA-256:C879FAFA5892DA6841E0EA09F2EFC9F68762E5A4752D62ACA8C9B95828B6FEAA
                                                                                                                                                                          SHA-512:38328E330AE12BC31EDEABAD908C86A1C486CEB0D14E9FF946E459D0E88243F3DE0EB603CDB6E31B4CA2EF6BF70428DB5EC54B3C705E3043C9FB0A649E11FDA5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx...l[.y...^.zX..Fvl..:Mj.[`...m..y...Yn.>....(..N.n..`..tK..v.4.....k..c$..Hj.(..nk.A.;.`Z.dG.P.eQ"y....EG.. /....`..i>t.....w.s..P(...B.P(...B.P(...B.P(.#..YI%..r?.b...l...#.~...7.h.......i.@K(.....8k.wE....,......1.~F......./.."e..+'..6].]BD.....F....w._:..ub.P..J%.[...sSksGH..F.x.i...C.me.eJ..k,1.R...&..>...c.4..pU..C(3.FX...6.c..hE.r4!...rq.@...l.nO..P....9...c..V9.j&.0...U`..Vzlx.7..\.5..../D.FX4..4....;.a.;hd.O.E`......^{...X...i...0....&..A.u,..W(3..]....0.t.k.Z.E..h......X...>.M?.Du#...i..Tb...7.......A.aXSS......8h0.g.U8..h8.I..........._.......^.+........5A..i.}.s.n.E7.G.FX..0pH........-..o....m(.E.N..7..P..o.vY.:c#....l.z.ZD.^...4.$=......n....a..\*...?..b'<.3.D.....-P,..q.K........k8...$.R.*..a.{..........C.....KT.;...#/...::.[R.cI\.j]....'.'.l..j`(.1..r%.{..E......2..XTR.....r.t.O.........i...8.7..=.5......k.E..JT..[.Eu5.....0.J..LS@<.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):37458
                                                                                                                                                                          Entropy (8bit):6.111535768912929
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:h9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZT:h9DDI6thXjez1jtnA
                                                                                                                                                                          MD5:852058901C74A64253F8A30307342E99
                                                                                                                                                                          SHA1:43713FAD9753DC649C6203091187371FDF30EBB1
                                                                                                                                                                          SHA-256:110D789973B78ACCC07EABA2FBA8BC9732223935570DD607ADB0765C54D39BF6
                                                                                                                                                                          SHA-512:2E7803BC7DEF0B614A6C8ACDDFA75FF7BA37B31227E4174549AF8C7782739A6D1B669A9AAEDC1178E0C6A031B1742D2849F3C3713FC8BCDA878D46A7D3A24C88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Open Sans Regular */..@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXhv4

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34216
                                                                                                                                                                          Entropy (8bit):6.048936621948461
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZq:E9DDI6thXjez1jtnJ
                                                                                                                                                                          MD5:B66C073D57FA28ADB8AC3B4179DB653D
                                                                                                                                                                          SHA1:552B48197375DBB8CF21CF946C7E79459B226101
                                                                                                                                                                          SHA-256:31DEEB6D972CB0FC43CE887AAB0F8DE07C0871F84D9B5E37A1FE4EFDA871702E
                                                                                                                                                                          SHA-512:EACC937F48503FC6BB88D96D2BB7D31EC97EB44228C6F85EB84E952ADF4391A536DA9A2806C113094B2BE7DF582D213AEBDBAABA79922690A917ECF37366F8B3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26093
                                                                                                                                                                          Entropy (8bit):4.77525155455544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:J+6T4vNmgN8k0+yycVCI6z0jG7RXDX43UMRmvm/I:aDIpQ
                                                                                                                                                                          MD5:88AAD1628908702DC40728E4B844DF2F
                                                                                                                                                                          SHA1:214B674B1C41884C60BC038B91494CCB4B76A2CB
                                                                                                                                                                          SHA-256:841908E604B67209B61219433FAFFF57B5F13DD053A76857D86B0CB424754A4B
                                                                                                                                                                          SHA-512:A47D16ABEEBCA23BA2F8476C2639C0CAC2908B5D53A1A416BF276512003FAD9737E45D63F27604A351E75D4AE4F29C2BD3FFDC65BBACAED288C16A31D307675A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step1.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6397
                                                                                                                                                                          Entropy (8bit):7.947947094706784
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:GSzkZH+IG8+1lqPrujYGCbSDp98cti4FSwgfYf3:poZHw1lNj9f98trfS3
                                                                                                                                                                          MD5:4538CF17F5E72D4AB6748D921AAF47C3
                                                                                                                                                                          SHA1:0721FB317398B3F389FC85B57D7BBBB5A5C8EAFA
                                                                                                                                                                          SHA-256:CD03355615D11022E11EE57F35A0E994F42F60A03CF9063FFA7AC0321276129C
                                                                                                                                                                          SHA-512:D9DC3ADB291EEC7CFCD317DB6D9BE5C662BB25DE22AC8056CEE7B16F710F119392A46CCE4250900DFF59DB4313A6B23FEBDE30240DB9A3244C3B008A49ACC422
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...tT......I2I.....B..-..[.GKJ...+.+.(.j[{..t......O...n..Zc=.........Z8TA..=U."2...7I..w..M.'3o...wf.{.>.h..L2.......K.....V.....S..N...9ts.>B.....Z.G::..e..\.....c.i ..`.....k.J...[.*v.v>.D<.?}..C..p./.@k::.@.S.B..No./.\...PZ/.X....7.[...?.....x.-..U..]PF...Qx:..Bts..\.It.............l.).I....LY..P.D.....G8.....#....th..JE\..^.:1.t..Q|^Mk...ek.2Q.}V.o;..E.IR.#........u..`..!.....n......`=.)..N..2..ex?.. ~......y.......`M.0..a...m].J..k,ik...W.....Q.......O..0.m'H[..X.LP../.z.......y.F.6.E..l....`......K.H..1.6.......o.....9W...-,"&!..[9.....w.......=.f.......(......2Jy.l.F..7.U?.......>.u...WY.][V.F..j7.:`.X..g6.[.Z.Z|E.....)kk._..X.....nx2.2.....6v..V....b...\.Fn....W....[.::.%.?H.5.H.C.....X..h..1.d..3...gPb,#D......I....K....#~..*.....>\..=R.9~l..D......w..2P[..%..B4\1..+.... ..@..c.9@.....iG!........d..'}..F.D....m.(.....=v.lz.:..N...F....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5418
                                                                                                                                                                          Entropy (8bit):7.941310197666969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:GSscx0y/nkoEVlqHdvygby9KULounF17qTN/Sxgn7ylwgwIMyce:GSscKy/koGlCdv29hLJqxiEybYyv
                                                                                                                                                                          MD5:A1373F9C03567C27AF0DE96E770E45B7
                                                                                                                                                                          SHA1:A97E90B04460E4AF1D8425A9D9716782739C79B5
                                                                                                                                                                          SHA-256:EE56D3790702A7A91CF1BBD73326E6852CDF648C77249876D8D4410D5E1DD52E
                                                                                                                                                                          SHA-512:D65BA6F131F7EBAD0267FEF9BD555121429852DDB58F1D51CF3CBC800114C93BD8BC50CB06437BA999B7B585E943930CF7AB8A65632C1B9BBACBE5627027BE3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...S.Y..3.........A...6,.{...{",..a.=Ll.,.....8b.....=..r.eo....o{..........U..R.T.{U.*.O.m\.!.2_.x..4#.._Z8......C...U.M(.4=....St...S..<!, ."".....-..6.#P..j@X..*.QG....sU-V....+:h.../....F~8.."..NU....|......L..'D...t.....Wt..V.&...@.v..$.s".8w..d.E.{....A.p.G6..2.Bt.....O.h.F....4..f)3%D.d.7..,...d.a)..r....r2!...El:....)...wMi@9.V2.Bl...L....r....c+m.L.....#..J...*!j.....\%.L..9.iNSYT%..fh.k.$.5.....5QZ+Mb........D.X!zIhsWX.E.(..:]y^...8!j7..I...$......k.F...s..*<O..@b,bZ....u._.M...k=+.M4..i...D...t..o..$......E5Q6.....3].i..o...}.3...3...1......;.(..|./.U#.b.h.......Jy..XT..0f.....Sm87..?l|..Y._.k../....?.AY.,.x....q...=Bc...X.... .2/...pQ3.j.........N.n.C..E.s..e.O......Tr.'. . f.(-":..&J.n.]..........K.h....$./...B.E!.".H.).X.8..Q.?.c.....|.h.-d...?.5........K...1....<..:_...d..d....h... ..c.BlUJ.c)........... .T..1Q.1R!.'.l..ai...Q.1R!.&..R...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 261 x 265, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32309
                                                                                                                                                                          Entropy (8bit):7.9804976554334655
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:7NFP/8lSUsE2h18x4Su69ZU+VJpszMXneyg5PTg:fP/8lSkLd9jpszGneyg5U
                                                                                                                                                                          MD5:FFEBD5099333A2223979DDC7AD6E75E4
                                                                                                                                                                          SHA1:5BE640F0A871C4B1C9B2858ACDB8795B96F44586
                                                                                                                                                                          SHA-256:4F80FA15BA8934B3E4612BAF88F1DD2A633A1368A18F4F592D17FBBFCB635851
                                                                                                                                                                          SHA-512:359A50BDF3CAC8AA7B4D8CE42CB83F52CFB61AA969EB8B258F09B9BF1311C0B7FB3B974CEDEA72A0B94FDB0055CDF1F7489390E492F07547DEBE75B2EE5FC728
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............T2.....pHYs.................sRGB.........gAMA......a...}.IDATx....\e.6~.[.^.g%...t ..H*.#::iFG.uh..7..3.gQ.HG....F...g.q!......."J.i...v.$.....{..9oUu.;.Iw...._..[.}....lD...0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.!..9.e..."O.B'..6M.."(.rQ8..E..9.....\.*.........:.$.Q...C...{C!2p.. .9.....o.I..D!(.k.A.L;....&.s..).Q.-.}+....B.....m!.s..).1..A.;.o....T..)b.a5.M.....\.fKA......Z..M../X..?/p..H..%...R.#`w...3\.G....t.L...Kkz..!20'`....[....U;M?.p'.....{.....T=.R.rp.....!......07`..U....)}.F........k.j(d.j.LR.l".."..d..aX.U..6.z'.B..Bu....&...,. }#..Z..B....D..f/"..X..0......P....N..~....@U. ...>u)..!.J2P.0H.....c({.q.......A.U.].z....z.202.R.>....).A.U..0..L1.R.:..2``.a.B...9h......)T.2...:|.........t.&.U........H. .._....7.........3.6\&..[.^;.....d.*a&..FA%!0V_.,].x<q....w..[7..%3S!Py.9c....0H....m.#.....v!......xa....... ..z!..@Z........F......w.&.....K$Q.U......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-bg.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 300 x 584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32345
                                                                                                                                                                          Entropy (8bit):7.970403798736529
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:b4L2222222222gBS2222jbjKQiIlGtteBfKZiPb6++0SqnQcI:bybjbBlGzCCI0qnDI
                                                                                                                                                                          MD5:EBE97C44DDCD9F77F1BBA3B2438385D5
                                                                                                                                                                          SHA1:42648E15E7B62FCEE58CA5EAAF0CBD81A63E35C2
                                                                                                                                                                          SHA-256:26EF082565402F86EB018C87E41473F4FB2D52EEAC73B9CFD8FE81D51931AFE6
                                                                                                                                                                          SHA-512:552D36347A3943830B04A4DE2D0E4E2032A9A108203E824ABBF16595781A2A19CAF36FC813422AA6F4FE74F4B219ED376305D424E0CF17332397969E26DFC5D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...,...H............pHYs...%...%.IR$.....sRGB.........gAMA......a...}.IDATx....-.f..k.c.........l................RO...x.@..A.R.......Q....\.*......j>.HYVdCuv.1.#;.y..W.zg......De....|.gE.,+..:-.......<g.e...>..._._a...V...+.@F...6hJD..+.H......m..+.H......m..+.H......m..+.H......m..+.H......m..a...U......l..6fW..~.T.J...zy.]zX..(...!.*.g./ _.9#......GPH.#.....(?#..c...k.6o.-..e._tO.Mk...'.B..W...V+.. ].N5xW![.y...~.vx$....U^K.....~.I..GQ&.w.{ye.l.6.hug.ff<V.HD&....e..r..Y..L.F.j.....I..9..+u..@...._..lGWN..l..J.H$.F>%L$..A:.D"q...J$..A:.D"q...J$V.O......wbm7...g..\..5............a...QS...*..k..4....3Y.:..ioq...VN./K.b.S.../...r.o.]Z.(f........(.........p.#...E'...J......j.&.......AG+....X.}%,_.t5.......T_.C.<...!...C<.>! .._..#....3./K...#.Q.@.b.iz@..U...h....&.5nD..UEFQn<.nu..qVz....k.-......)q..+..0..V.E.....h/.....w..+.xu...t.D.Y...5.(._f..Jg.......;.8..".....C.j.f.U$...tw........0.H......m..+.H......m..+.H......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-checked.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):550
                                                                                                                                                                          Entropy (8bit):7.365785777829338
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7X/6Ts/Zxu2I2vTmxfqMm1xZjwZh+YVZofYnTZZg2DDb7:O/6UxZvmtmFQ+YVWwFZg2v
                                                                                                                                                                          MD5:CFFD59876BEA5DA102DFE5C50782E14A
                                                                                                                                                                          SHA1:7A595D0A3E0173AA809662B0A5F83D3287DD31DE
                                                                                                                                                                          SHA-256:22AC71BF547FBEFC2283435A497C80A69156A11C891833DDBCF417C101504D6A
                                                                                                                                                                          SHA-512:3E7167EB0C6A61FE607DB78981B4DDAC4F791F7763428EA68062B5C93B7ACCE205595881CEDBA1E6D415237F0954341FA2D947A5D3D9FC784B9BB9FB096FE41F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............JL.....pHYs.................sRGB.........gAMA......a.....IDATx...=O.P.._*:.+.M.8..@G...uq......!:I...+..(....N$.ap.V./.k../..$Mii..{.7.-.....@......|..\....Q....-"....u ........<...p...;........pP.....Y..c.V.......4..Q.... ..!R7...dB..#.(jB....u.".....HD./Fy...=t".1T.k.z9...C.Q.P.v...N...kn.Y.|4.....\T.t....7....!!..'....F..b3..T7!l]..\......%..y.e<3i..x.V....Y.6..NA..^qL.i..).}..dni.[d.q.sKc;.^.....M.CalH.a...8..y..y|.g.\+...52...8.Z:.......<....5.-.6.,F...%!.=.($B....~.].../{......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-unchecked.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):296
                                                                                                                                                                          Entropy (8bit):6.650770439855377
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPZ2/6TsR/fQjojnzBBtSuJ6arOa04YiAoYNvuuzsVc/jp:6v/74/6Ts/fZjnzBGuJBia04Cu4/N
                                                                                                                                                                          MD5:B0965466603DFB1A6A7009873BB14424
                                                                                                                                                                          SHA1:098819CAC978EB75AE5962D17009A8E0F88BF0D3
                                                                                                                                                                          SHA-256:C842640AAAA593064CE50946E600B6D18D320B9B728F4E26D9C634761D88F622
                                                                                                                                                                          SHA-512:6F859EB75FD3CCEAE302C16FC29B25052AE91C28E3D3306AFD10323AE6618122C2CE43D45215EFB2108D8FFAEA04B7B93AFAD976A9CF6A1D410F0CE589CE08DB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a.....IDATx..... .E....A7.Q...t..@70N.e.'...@.......?n....s....q..a.a..1R.G..h.....j... .....s........_Xk}VJ.....m.O.........|..>..-.-.........Z...n..4.[...9....E..mv..../}..Q.+..I...ZP........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-green-pc.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4352
                                                                                                                                                                          Entropy (8bit):7.936868086263868
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5SztgGRFF3naAmb6OcDu2Y+rOdlyhreiigpekbx8b:5SBj93naAmWOcDuHuhSiZDa
                                                                                                                                                                          MD5:08D943758F483C9EE8BFBF0640CD101C
                                                                                                                                                                          SHA1:0000FF8475A54933618D517B45765FDC893E97CF
                                                                                                                                                                          SHA-256:E8212768A46B73CFA917727B1B01649F4D57748A4DA3D237902E1639C1E71DA9
                                                                                                                                                                          SHA-512:5A981900ED3D49B86EAA1CE1EBD9B8A380CE3EF4AA055E4C6395B957AE3C457E1D64C936573C8F105656A14C4DAB3D5356A4C37EE2295BB7B3874EBB37192910
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx..ml[.y....II.DKT$[vh.N.tq.$kltk..6.X..[1`.el.......t@./.}..a.Pl...K...S.E..V.4M...&}...v].HI.H..==.h..I......3.x.b.\..<.y.s..(...B.P(...B.P(...B.P(..N.A....6P@l...@.l......O.f..F......D.<....l\.<...h..2.<#.r...j`.%....<:...V>{+......)......u./..=.O...!.ZX.....>.4.$..yOFls.q1...E....$.S3rb..u~!..,..x)..)..O3........@e.(.._.......b...N.0..i.........k..JX.".G...^>.7..FX..k.{]..y.1X<9<.. ...+....w:.....z.e?X/..S.......j.qM.\+.,....b..*i}..j,.h.H..U*.S.Z/.ES/.Wy...K.....)...R....BT..D.[..]..5Jc............O..I.BX.+K..x.:.l>.k'X2...x.,!........w.Nx.."....W.C.......'G...(le.W2.s...S......./;n......>.B....8....E.O;)0.u..|.1..K.....Q...H.AX....;..&0.....c.bw..p.G..4.,......p...<~....{.=..&..'...c...j.O..$..8.3.R.}...9.O...!..]..~M`.m.>c..).r4..p........f._..Z)....X..e\.WC./.~....r.qKW..V}\.......=x7.P....@....?.=9-u..y.+..P..=..f..Jy(...X....]X.....F.B.#

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 200 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3472
                                                                                                                                                                          Entropy (8bit):7.914294719380596
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:0BOO0xiRfpQu8pTvaIyE0E+y2Y5NTIMDBoY9I6ZDS9vH8C9SHZ/R0Jjnjc7xa0Dx:CryTvkE75NTLOY9IuS9vcCnU/DW2
                                                                                                                                                                          MD5:DAB5B1667C76E51B013C1C4AD2F7D532
                                                                                                                                                                          SHA1:49375ECB91B075E06624BFB5FEDB3A0DC4F1935A
                                                                                                                                                                          SHA-256:A4B95F7D7A776BBC6A84997A601993D3D4E0EC66B48F7D1DBB816497A248A24E
                                                                                                                                                                          SHA-512:843E8852408E5962C9FE62EE2441E3A41622CC929CC22AC9C692B5B9C8CA9D912AB143BBAF274899C59132A429B9032BDFADA51392E221F6F98E25C3DF0119B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......(.............pHYs...%...%.IR$.....sRGB.........gAMA......a....%IDATx..]Mo...~g).,..]... . ..(P;..T/..R..z.....Ut.n*..\b.?.q......-P.P..P...X{..@.AW.Lq..;;kQ..~S.e>......pv.y?g......^...=.Gc#%..v{.>...pbb.n4V.{{{.E...2gl...iA...I..Z3L..O\.|....9..^..Y..ax.....'o.g....1........-0$...-..i.e!......6....u.u.I}."..A.....xI.......~5...~....|......L......y..iBB...w.^...]R(.y.q..T...}.3.4.pf.Q.A.)...../..kmp..$9.Bg.?....."...=....G..W_..?.._M....;H........g5....r..g..... .....jA.($.o.y...7*)......c..)..T7.h....W I.{.5#I...|. .].p....Op...\.q.,.@.@.r7.Q>......5{....O....."...#.L....]..-.U..\,iZC...|.......i.s..-d.R.....4...(B."51.MB."..g*.'.<....e....8..'...!Ks,....i",A\.D.............{.U.0......:..x........~.P3.x....x..o...,..-....3-.{..Q.+y..+m..!...m.$..|..U...H...O@...8..rQ'.J......@....^..P.vvJ.....L.......m_..s.$[...dK.}...L...~8...../^|..U...x.De........>..jk.r.saK..\.:..".....3......S. &:...}....T(..?......k....Q".....^.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 227 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6759
                                                                                                                                                                          Entropy (8bit):7.889394285207192
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ZgNNLlmxVJnzXmgYshy0/MMA+SJ3zjaVDRL3Y9M8jX10ZYUQhyG:Zg/lmrVXnPVkzJ38dL30M8X14G
                                                                                                                                                                          MD5:F17683FB6249E0FD8188AB2844EBA5D2
                                                                                                                                                                          SHA1:A084098F96F87604F96737B202935BB1AD023F71
                                                                                                                                                                          SHA-256:A0977CF048480EC62B8CF0BE174466A31612C21CD57C20A28DF69EC7A465E8B2
                                                                                                                                                                          SHA-512:3E2406EE7F4BC41059D4F5ECEDAEBDD0377906EDBA31423AFF86163C217DE47181201272641688AF52FCD00F10BC3F0D90A819D5F48868F598941A4B8BED32DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......-........<....pHYs...%...%.IR$.....sRGB.........gAMA......a.....IDATx...{.T.....~.L......pI"B...M...j.+HRV...T6Q....M%Z...U1.....q.&fAQ.a)...DA....0.# ....=.......3w.=..{...p...L.t.4...9..;.^"....:u.Ot...D...[Hy.\..<.!...R.~.#...;wP.j........P.....Cy#.#..m...y..o..F....w..]..uS..u-.,.Fs:.;.|~=..].R>w...g=Z..%....4.....x..9y2.....sC....q<.......P6.Ea...k. .4.:...r|..._..~.0..`..@3.y......,..u.#.O|].....ty7.7.SU.^......... ._....~!B...S.p...].~...y.^.s..$D.......O.g..z%]...............~.n.t.^:0Ju.X..n....sd....0H..:6../.q........?T!. ..8s.~..HM?.......)?.....dB...xt..i..;. ....A.d.|...........)A.^..?.1G.j.R..&.........w|..0.O...._...8..9..0....x.(.:..^=.....3.5|..B./..`......@..vT:F.k...!..}..... X.P.<6,......S...t.d..P..J.;..W...|.."P.....S........~k.........._..W..T.fr ..z.=...^T...T.u.}.qEu...=.}.w..~.&.x..jm.VD=A,..V!.G..g..".~..}^R#.Su..S...8.z'..0.....@...@....8.. ..6..@...@.^..r.....Um...~2.....1M...a...a...a...a...a

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-grass-lg.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 262 x 206, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14880
                                                                                                                                                                          Entropy (8bit):7.950282493364645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:LA1gTOQhDAZ8uuVkJ/2hWTEGdjzZkPZa9HS0SI30pNceqnUk0d:SgxVu8kJ/TEGdjtAQ9HOWeqnUk0d
                                                                                                                                                                          MD5:FD7583B7091CC8A4BC321D3CD9CA4986
                                                                                                                                                                          SHA1:DE974AA0EB8A39AFF09AF8C9E4971EBC26D35ABA
                                                                                                                                                                          SHA-256:D0CC78D7C65ABCF0A5956AE2CF63DFD1CD8B3F9C3543D6EA307B20E218B58D6D
                                                                                                                                                                          SHA-512:9067272C7F83C83A3079069AACCD181AB8D06923F98035C1A64FD06140AF23CBDF010927E1E7BB907267769D9FB832FC0053A4BEE8C6FFE2432DCC9CCC0ADB75
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................Q....pHYs.................sRGB.........gAMA......a...9.IDATx..{p[.}....A.!........?.8..4..i.m.X.6.v...m....a..v.v..:..ifkgg.z..X..nwvv,wg..d[..&..t.glY.C.$."H...{.....^\^......x>..I..!..{....w~.@.P(...B.P(....y.(..f../O..N2...`..%....,3..4..a(73}..(|A..".|./...p8z*..u.....7...o|..(.B.."..../..?.G.....)..M.^.>..;...........E.a.~z7.i......J..'8...{...r...Q.."........B....2.n.....E...=.GE...1..'.n'..D......L......+....J..]....|...G.87..%..P.......w...C...`ya..@..Q,...&J...#jhu.....h.R.;x.q.....\}.....EW#.a...a.X.;...(aPt=...C.aX.|..c8...EU.0(z.........W^Cu.0(.G^3...@..%.`\...#J...#.....%....db..}.3&@...E..>..Y4....2$..(...9p.F@.H.....4......c.."j ..(..{0^7..e.........5.`6.o...[.."...K.r.....#bo.U,..\...X9.B_..@.W..`.:..X...?8._..q......Y.r.0(....i|.t.r_.L..}.A...l.~[Y.8L.^..AD7...v.o}%..?.....qK.T...G...Z.<....P....Bmc.{.....~.O...x..D.3.(..|T......x.|....F$?m...6........;.ms!T..,..8{.|..H..JTD.S.....x....2..........i.V(..F

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-grass.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 276 x 275, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):19622
                                                                                                                                                                          Entropy (8bit):7.964460896615546
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ZCSTirkma9GdgvgI1QZB22IVMEyndB+cGthWFRi7dlQYNx:firkmawGYKzVc+ptA0dlhNx
                                                                                                                                                                          MD5:D1592D005A64FA7F6D7BCE9399A21535
                                                                                                                                                                          SHA1:571F4B18460FF47A95A77B8B4CFFC43665132586
                                                                                                                                                                          SHA-256:B3FE3FA9475C41A88F736AD8313228DDF33412CDB55032AB66E0C40267B4E7D6
                                                                                                                                                                          SHA-512:D5700F93B24614B6C11CCAABE300AF02AE8075380EEE7B596624F77A80B32D648D203DA006D63EB9AD35AEC3E185DCCCC545EB812D47D777FCE4D17DF3788FB7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............u......pHYs.................sRGB.........gAMA......a...L;IDATx....\..}.{.Y.&..J{i....$@.-..6n..,.k3Lw.H........t{........7..........1=..Xt..L.%.L.1X.-@...v.J..5+....s_..Y/.-y_..G..eeU.....9.....d...N.....H7..}.,.4....7M.F..W.~u...".P4..;....f......8.:b....p...~.,(.6..4..?..MB.,......(f.E/.T..(Ai...<5h...t2.=q..D.b.t.H. e..+{.r.......a...2O.Q..T|......]..X.d!..W.~. (..%(.....3N...t....X...dBY..1.^..5..(...Wr..]1..K{....!.J.,.3.p....C.<1|`...FQ.(Ai..F..}....6.....~.*........$P.=JP.....r3..\9sNj...A.Vv...>P.5JP.9`..l.J...L[.h..,.@..[..(...:,._..S..@JT..%(...t.....J[w'._..2AQQ.O}..EQ....h...i. ....xj..u....+.,e.....5r@....%(..Y.%..20...?c.D.U.2.R.:B...3h...^..c..D...E....JP...6}y.B.U.R?(AQ.B........@.JC@...(*c.....a._.(Ai......T..r.%eM/|.QQ;(AQ..e...s...4.C..y..4..8.B........Q.~..P.<JP..b..!d.O...=..h...(..%(...8.e....<T.hL..4...GP.<P87..;OEQ3D@Q....5t(.8...3i....5f@...l3.4Dum....(.$D..[\&8.....3....@..f.PC...]/<3^."..L{p@.F,^.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-step1.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6756
                                                                                                                                                                          Entropy (8bit):7.951030240191849
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:pS+9td5bblCdVjUvfClRVD5BOj8vdEH0x:Q+9tzl0UnKp5BViUx
                                                                                                                                                                          MD5:D06A434769F945571023E8769557B8F6
                                                                                                                                                                          SHA1:BDBEFB036EA02A0CFCA1F2A508097D0AE90AA7A0
                                                                                                                                                                          SHA-256:0BCE929EC4011A5D69B37DEEFC5D197A6934B0B3FD369B7E94B48AE3EBD924A3
                                                                                                                                                                          SHA-512:C8D9857187F5EE14B2E57EECAA158715A0CC750E063DF1ADAC33AFC4A12CE86E905E2633FBF51C489E5318763C5347A5AE1BAA3EC6CB4D4281625E61A215EC8E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............B......pHYs.................sRGB.........gAMA......a.....IDATx..Ml....g).u,.Y..j.....i...b'...^.\....Shs.|........l..zJ`..].zI.%..:........a.u,...B.....]......V......}........w.^3...Z....SSS..m..&....a..O>...!..q...v....'.w....y.0jx....U.....H..r......{...}.W....}..$*...k...I4w^..g...W.....I@..q.....+..B..8..{.3....Z.......C..eX$.H....0:X(..A"....e8t..$.mW...W.?|..?..2??_.f ,.>.0fff.....*@.H!..,J..I.4+SO..f.b<~\...,0.>aX...<..f.^...`A6...c...`:..Hr..]+..^.........U..F........_.Z..f"E.F....E.1....]$...p..R......._...2Q"I:j..c...~Ke.:>.....#....2;;[...v>.w.i4..@.V+....b.........o......v.&...I..p.p..b.b..5.......L.R..y...]p8..Qy1;{c.R...I\.pEq..U....!..;......`.C.8y.I{D..6-.0...Ht...x\..]..GigW4..E..iP,........S.....Nqx....`...d..N..l.X..E~.4..\.<Y.'.?."q........Ac.....c.....".0h.....6."...>.q)z...P.@q\.(.<I...SQk6K@b..a0..9v....m.F....{.h....!.....Q..........b..B..<?.Qe.D.6.)r,BH.k`j...P.1..."^.QR...K0b..H(z..f.......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-step2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7617
                                                                                                                                                                          Entropy (8bit):7.944155200733493
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:pSsseu8KqDq779ZHPEKV0CHg8InzYJsFMOr85A3+YqtSfw:QWuZVpZH8eBHgDzKsFTr4AMSw
                                                                                                                                                                          MD5:94EA6CDA5A520897E4D0ACF2A78AA7E3
                                                                                                                                                                          SHA1:E15726ABF5DF7E9E0886C818ECAC8224ED745649
                                                                                                                                                                          SHA-256:CCF6F60DD727767420FDDA34154F9338E8EB1237CFD43B66D55939AE28DCDEEF
                                                                                                                                                                          SHA-512:443881E06CCA839A38244ABCBBCD122B4E1F9E81F249956007E935457414390190E431A89F8A5B89E47989757724871D7A2069F98441712F21E4A4CC92D34A69
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............B......pHYs.................sRGB.........gAMA......a....VIDATx.....}..g..]I....-...........A`...F]...z..4.....<h.....WK......A.P`W.CZ[.RI].q......j.&F`..Z.83'.7.....9s.......p..........H.../..~.VI/j..Y%nA.3...l.cn...r.^........u...:\|0.1.......:...V..D`@D......2.Z.2YE........~R..g........w.~..h.x.C".Hy.l.3..,^......6.nY..K.m.(..X..{>....6..!.(@Q|.T.^....g..3u.r.k....g....?h.<x...HH$..0......q@%.."....f....iB...6.C.H....U.^.k.I0.L.H..v.*RH'.h..-...."5.6..s?Z.F......m5....n-O.+..".........use...T.........*...u.....%2K..6....6..f...W..2~..z)e.4Qc1.keQ+..J.......].....}..=..&L.S!..K.I..}1..^cB.....w...GS....u46+..#..x. 9...w.2...D.$1q.Qp..1....Y...x.....*X..4.h.ENt...+W.9..e"E..88. f..B.h..4(.C.>.../.I.&...I..@.JT.....6.........E.#.`........[G')....`..w..S.Zw.@T..ah...(.Q.............^$._..r.zD.....i.0wj..1.G..E1..b.....{...?Y..).1....[k....B..P....&...x.L-.uA.....W..;.`k.7o.{.7..e...#08)..-s`.]Z...?..9#W".7....+

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9632
                                                                                                                                                                          Entropy (8bit):4.045654384803325
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:jUSSVnGzSsn2hwPYeTZK+GzoulH8OJo6Jbtyxo9+jRusFRLLDeWn4e:ASSVGzSoJweTZb6JbwkEukZB
                                                                                                                                                                          MD5:AD9F6D74C87EA1132769CD664291BA96
                                                                                                                                                                          SHA1:CE0EE3C4BFD3327C6ED6F19D50252619EC78CE06
                                                                                                                                                                          SHA-256:ED584F3EAA82F35F195C7ABF92E8D211BB76512654F3CE76DEF554BDD211C27D
                                                                                                                                                                          SHA-512:91DCF88B39DE827047356B2B72380B3866E13301E2A6BE15B53793933014CBA567D3A051A81BCA39CEBADFD641755BAE1A5C09DA4616F1B842BB3B3E6201CEE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(op

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4238
                                                                                                                                                                          Entropy (8bit):3.7823688858786118
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:kZ2B5nzQw2n95lN1i1BMHiKHzReZDeVBvwCh:kZEe0fIpHNeZDQBwCh
                                                                                                                                                                          MD5:6511C984D3369BE3BD0F02FE28DBDC57
                                                                                                                                                                          SHA1:B1486826379412D50840282F708D08D85B30C35D
                                                                                                                                                                          SHA-256:C6BE3E68BA49079B739CE7A26C31862B10B00D129092935FB31CA7D17727DF91
                                                                                                                                                                          SHA-512:D94B0A67C069B12B307B8B6249848A48029C8F7C85FBCBFD133B6C22990E1FFDF05A93D3EC2AB29DA3461F634C1EF9F82EDFBBB8E50D92CD9B52A859806AA40B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html.. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3395
                                                                                                                                                                          Entropy (8bit):7.880811480479431
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:WS0DKX8AWw5a9tRVEGCtbiHX+VGIGW09iYl1Avo:WS0DnAH5YRVItSLjIYDco
                                                                                                                                                                          MD5:E423607709409638253C24C3688A88D9
                                                                                                                                                                          SHA1:8ABC653F71614F6B707B01862449FC800D27EC61
                                                                                                                                                                          SHA-256:3B7849200BA0C2EAF22C3D111DAB6A630A00EA4A6EA968344EFB900E79084E4C
                                                                                                                                                                          SHA-512:BF70D4EE71BB441C7C36D0AADBB73C68B089D7E431694E54FC1606FB5CEEB8A30FB50F28FB5BDF5815EEC600364B0AEF98F57C23C8C160FCC704728918886259
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a.....IDATx...r.G..O.H.!..6..@Y.[..[./r..\lQ[......x..'`.....r...T..\d..m....X....56..K..9c..}.4.fF..U.I3...........B...b...3..%....c1.<.....x.7r..s...`./..<...WK&.......0v>?.2.%..4..y.....9. S..{y].9s&..#...>|.......\.Ry.4.G.3..9.=66....F........c)..Y.o.......b.....w@..-....q.....]....`,.bH...A.&.)....\7....79]...b..(....5.W.u}v4....!........:*....."..]c.*(`.)..u2F...).m.+x.f@BF..67.&&&4....@..;mn..+'...."..~.....T....[.......5.._.@u}o4..,..Ao.!.?.Gl...,f.......[..Uo$...'.{KO=.............,x.'...~p`.&...I.Psqcss.V...0..H$.O.A.......@.{...\..4.O.,.W. ..3...m.H.w..D.H..T*..6LQj.....UE...w..|f]..Z.q].Q3...rN>.....J]RU.F....q...~......./p...c3......{......L.+..............9v._..:..h..@o_....p..9.3......p...?....G..F=z.X.....#.1..A.?Rz}..I:....T}7..V.?.R.....X...Z.....H.C..OU...Fl.....a..?.......n<.VWA-.~....x.......{$..I..V..X.AU...^.|Ys....T...c.`...hg.......vy...{.v.......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16591
                                                                                                                                                                          Entropy (8bit):4.4196633349386865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:BZwBjFVz+j5csy4h11lidEaCaNz4UcEm7damvbat2RSFZC9On/P:WBQj5csy4DIE3oUUmMmvbaHH
                                                                                                                                                                          MD5:DB8946366F7FE015D78D693B641E9BB6
                                                                                                                                                                          SHA1:977C2A6228E318AC970A149FFD1EDF22D2117C9E
                                                                                                                                                                          SHA-256:5534A02FF547945751DD3509DE7A4D5A651C0B15AD22E0F45877E7FA1DD14676
                                                                                                                                                                          SHA-512:50F4C324B026749E6125DFAA0E0505237B283B6162FB1912A222F85FC3865B2524F2AD3798237154C83FE0807523318E1DF89EC074A7A17DD8CBE24DE259926C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {}

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):558
                                                                                                                                                                          Entropy (8bit):7.494810764492959
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                          MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                          SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                          SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                          SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):785
                                                                                                                                                                          Entropy (8bit):6.380231936591206
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                          MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                          SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                          SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                          SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                          Entropy (8bit):7.1140535970703365
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                          MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                          SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                          SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                          SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):272
                                                                                                                                                                          Entropy (8bit):6.591404605834916
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                          MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                          SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                          SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                          SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):428
                                                                                                                                                                          Entropy (8bit):7.367179920202989
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                          MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                          SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                          SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                          SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5361
                                                                                                                                                                          Entropy (8bit):7.956335361585333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                          MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                          SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                          SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                          SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2938
                                                                                                                                                                          Entropy (8bit):7.909981061900822
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                          MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                          SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                          SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                          SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 175 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2517
                                                                                                                                                                          Entropy (8bit):7.899112131446941
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:/O/6MOvIltQSb2EVW6+mjuOR6aPFUCJou7qDnUa+oNWsYFKaUCBmb:2SrOtQFglR6a9U2f7qDMoEh7UCU
                                                                                                                                                                          MD5:C5FFDD4032AA96D998DF4BBE0DFD49D3
                                                                                                                                                                          SHA1:46BACEE7C5C587024EE25C2E900C7580B1F12FF9
                                                                                                                                                                          SHA-256:010AF7BF170A9355D191C042768D37E4E8559EC4384F27EEA39A79C4BD1C3AE1
                                                                                                                                                                          SHA-512:BD89D324B107FC6B7806B3E5C098ED19C7D19DE47430D68C903F632A4471DE2C00B4290F306366C51EE71819AB8E4C9897C4827846EEE604F7F6539DCC38B6EB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............`./.....pHYs.................sRGB.........gAMA......a....jIDATx..Z.o....YJ"...[$r.(P#Fc.\."...^E.....=.:....@.9.....d.^...S4.6.@..D,."Ll.....Y..!.T. z...3o.y.W.....O.yrq....b.l......u.z............O*....uZo.]..A.xu1....M..c.+!6.N{,n.P..{B.<.....9....~.W..z-..#.1..q.7p5.._%ja....w..\.W..H..........By.%.?....CQ.Z...j......bV.f.....c.](..6..d...|)..hTe6.O....X.\.:q....^.I..fZ.y..q......}!.....v........U..x....].e..o...P.]...u&A._........c.<...P..3..cO]...z...:bFh.~....`......1V..&.......4<..{.*..t....S..j.S.s..Q........'../..b.PRn..P......`p.......@...8T.P.Q.R{..A.\.).N.i0...+.=<9...k+K..vz.DL.M.^.7......O.. .o...@... ...wU...m.3....x....l.|u-...2.M.N{^i.d.......s...R.H.`.09.;.....U:..c(.D$.N.(G.P.2.....T......r.W)...@h..1<..CI...<........M...X......$....[S..#.r..C3..y.R.P$z..).n....Gy.W......d..H{.3.q}....q....H..T._~...@..5....U......n.......1.)..'.M.x...Ab...x..=.<...&.x...k.q_.4#...l.6.i9.;.C.9

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell2.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 175 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2146
                                                                                                                                                                          Entropy (8bit):7.878767198815235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:X/6uYit83CnCOqfU1paiFTeUpKJX9+E+orrs30ocDx4/OcrG1:XSXi6SnChfypRFTBpu+E38kNxKOcrQ
                                                                                                                                                                          MD5:39D8F472934136936FF3FEE841245A9C
                                                                                                                                                                          SHA1:812281447AAE48A891F8A5FA9CA63C117E5E9ED1
                                                                                                                                                                          SHA-256:DA9F72BF2AF97A5A1D5C8884F8D5BFB2CF232A7026CF9123E02F5909AAAD2F70
                                                                                                                                                                          SHA-512:7C3791E59F161A31486E36F6FB6A23E0589286342FE4A11D9DCBE975194ED0EC0EF223478072B2360E3CA276D6BA5BE0C4E2FE64FC82BC646945965E03556447
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............-......pHYs.................sRGB.........gAMA......a.....IDATx..Z.Q.J.m-.....G`9...?..".C.^"."@D.D..........8..........>==.HH.k1..v..y..zN?.d.?..nA.?.......L.M.o#...f.GOK|m..O...........KW_.P%...*.k.X.........;.v...|.|..KH.,.@4.....d#+{(WcN....... ......C..).CG~.g..M..*.jQ.y-S.u.}FA....4........b..9.&\.../)=&.3MY6Mc.5.SS.r.rI..NX."Q. .;PH.@..$....3l.(.1.x..|=...CE...*......Q~.J.......r....d.$.9...\\D.x/..;.%>,.p|.EO..].4"r..i......D..Z..%.-..bQ....m .~...k.a..n..lR...>p./(.f:-.k..lU.!.7..]Ut...~\9.....@...L...|...h.W..R..e..PV..vt.x_..I.h.4...]<...G..K.T.V.)...w.....,fv...^..)........)..........Y....@.8.....[..|x.wYYW.9.X..C...p..nP......p+|.-.q.F......>%........FL..s..?.J.%NH....;....b.dy.HN.13^.y.3`.zM.0.....u[-.....A.|e...4..P.3o1r>.y.`.gM}...H.R..;..F...<.zT..T..[.+.P..Q.>QS.Y..aN .>.....vc}.?u}].c6}..y...y[._....Z.@....P..o.S...^...yg......h....>.jB...+.1?.&V..V....<.O.......|uX...m...::..9...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1627
                                                                                                                                                                          Entropy (8bit):7.826159192497283
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3F/6TZYDTDiZweTZamTAaTJ6r/OIQz5URWkUX:3FSCXi6elamQ/Eb
                                                                                                                                                                          MD5:E6797831954D0AEADF1E7CD268F4BE8D
                                                                                                                                                                          SHA1:8CDEAC8420271C46DB443A03C58AA2E039EBDE50
                                                                                                                                                                          SHA-256:9EE5FC5E12400AE65711B9B664E75EEB3273C051E29FADF4FE2104B59C89437A
                                                                                                                                                                          SHA-512:EB53492D4B7BF87E09D049006E8759A87C4062950A9F88A636E7B7469AA5937DAB463DCA22294FE64A09DFDA19BDA711A6160E7762F147E5D2F5A95E3EEDE984
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...d.........{.......pHYs.................sRGB.........gAMA......a.....IDATx..X]n.F..%.@F.V)b[z.OP...O`...O`.H.j..h..>A..X9....A....E.Kv..H....7.%..(J.%...@.........n..DGN.sH......B...w[Y..R.....]..'......3.#...+........q|..).*.....$e.M.d.;..w...*.^C1.Z..h....O.o.X||.,.&A.....>).vF...p..S)e......./.y.pW.Ph.Z_Hy*.h..LG.{..,.b*..4.."~].qg.Q....(dx,..5...sFh/.n.0. ../....y....K*.......\F.R.....R.. 8z+....7 ....[b..dS.^.vQ.X.+.B....W=n.b.m.,..q.?...<....l.H3..V.a....r.V.|?XP..t.E$._?..k..[.x.].E....5....^y...b..6.9.u......e:....<@iV..-C%W.....8..C&M.o....!?KY.\o.6gr.j....../......@p......r&C....D.v:....[k}.X.l.u:..vv...Ve.....:.....J.@.~G...^4.M...4-W%....p.z....[.D.J....0....K.K.Lm...K....@J..vvgd*..Iyf........O''...%....MS....V..2.\2-..O.y.iLe..x....k~~.Z..6.H1.h.@:...;PF...l|...}.|v..)3..q....nw...6{...i3iM......}pe4..\..... ....d.]....D.`.a.C....FD.!/...s.4%.I....|S....-...nK...D....&Ov....a:H..V.&..."|.......:#.S...|..u....H.:..../...a4j

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2902
                                                                                                                                                                          Entropy (8bit):7.8683772202551845
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:i/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODW3O1:iSDZ/I09Da01l+gmkyTt6Hk8nTb1
                                                                                                                                                                          MD5:E4C0EC02D11F61DA1A702B0EFA2EC744
                                                                                                                                                                          SHA1:F4E64300F14D0BEA27129A72BE91A668A9B9FB9E
                                                                                                                                                                          SHA-256:2AC30B35B0BC163BC18B3B4B2982A6EE4095202FCF2EF8E35BCD415D8FFE04A8
                                                                                                                                                                          SHA-512:6E659358DC715D700E4FB9BED2B8054408D3BD79AF8B492D6197D53038990AA12558957CA9C4BD436D83C2507DF165C55F2F0FB4E93C13480DF932E58E16EED1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............".L.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2816
                                                                                                                                                                          Entropy (8bit):7.867254837776759
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:/h/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODM:/hSDZ/I09Da01l+gmkyTt6Hk8nTM
                                                                                                                                                                          MD5:59934A5C534B8372CC2ACAD83B1F55E6
                                                                                                                                                                          SHA1:8285F5654E3A077445E73685ABFD638BE7F1F4C6
                                                                                                                                                                          SHA-256:130541A07A3D9E2050A6AC15D659E29A21F080F6CB1D7DB2800255FF94FD8310
                                                                                                                                                                          SHA-512:37D1BA15D460F33B62FEF40B32DB95F136C268727AEF5ECFDFD3ADA471D26C78FE89438D0BF13FD966E19FBB7A9E06BD3FA27DFC326AA42699330145AD634BCE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............TK....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 4 x 18
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):376
                                                                                                                                                                          Entropy (8bit):5.513362384873133
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:772Q1kVEn88d0e6FEVU5drwF0cVe6FEVU5drwF0cVe6FEVU5drwF0c4e6FEVU5dH:772LVEnl6FEC5drwns6FEC5drwns6FEM
                                                                                                                                                                          MD5:BFE2AF9C7C0433C86314783E61A437BA
                                                                                                                                                                          SHA1:4CB221B2CC8ECDE82AA813C3E136DB749BFCE3A1
                                                                                                                                                                          SHA-256:0DD3C3D9570BCA1ABC663C5E301B9CC8025F92EC0C12B6781A8A521663A8DB75
                                                                                                                                                                          SHA-512:22E3EBE60BCBBFE6B728885CAE1B16BDB8D980B1AA80F931DDAC4020EC13CB7F3AE80CCD0A1A7465FB513D1AC70AEB59B12FB5E88CF6EC809EB178CCA2DB5405
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89a........2^.q..Aj."Q.a.....Qw................E...!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!.......,..........#p..$.u24.K2)....0..d<..0.....h;.3..;

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 13 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):391
                                                                                                                                                                          Entropy (8bit):6.968282594262006
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7Y4njM9CusK7SWlR4oPfMrjbi7voD7:0njM94QSWlR4oP0XbVD7
                                                                                                                                                                          MD5:A85D5FA023FD935DDA508A42B9DFECC4
                                                                                                                                                                          SHA1:2EE82A16CE7120CB2B211A3502E63023DD011C4B
                                                                                                                                                                          SHA-256:A47F084F275C50D52E4E74E44E554E4810210029337B13DCE3E98EF29FDDD35E
                                                                                                                                                                          SHA-512:1E07CC1A5CB220AE4C3FFE1860DA715C2C9E569B79A61818B4FCC2EDD4C9C6D05EA597DDAAB20B37950A005B642CBBF995AE809C0774D2D8584D87D2C366BADB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............&.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.10/1/14........IDAT(....DA..._.V.%D.h.(x....(6^.+(<..3H4:...S*..M&...2.w.f.w.sNf"...s....0..6...8.~.`....u..(.0pU.~..X.&Nq_xn".6:..a.......SJ.6("V.u...H..]....\..X....k5z...Z.q..X.NhR..X,f.....Y+0...jhXC)..`0X*..}~..&-..J..>.:@..;.......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):449
                                                                                                                                                                          Entropy (8bit):7.31532155890383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/74/6Ts/MYcGVkHcafQ2ueaTxpJz8mbEYST43v9u:x/6C3VkHnQ2vcxputYST43v9u
                                                                                                                                                                          MD5:DE0508D8669FC70B4D92B58076D288DF
                                                                                                                                                                          SHA1:AE206B763654EEEB4457853BDBD46A510A693ACA
                                                                                                                                                                          SHA-256:2ABBD585797B5DCF4CFE7908B5325E51CB5A0A5EEA117723A78444D484C1B269
                                                                                                                                                                          SHA-512:212BC0318562BED2CEE66C6BA4855F9F4A6A69125B869859AEE7BDC3F08A02EBAD9C6F5C432E6DDB3C091E4D8796FCF56AE6F2253A0C40DC2DDE7F97F49B3413
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....VIDATx..U=N.0..R.....J`.1...%6...#p....M.'ho.#.7..ea0...*M..8.*..>9...s...=..~....+..1.....R.-...t`$.si=....W2...E..,...$gh..{.j....<.T[..O!A<.?..&<'G...!.M..T..|.@H....N..S...K.8.Z.p@....|M~...(Lc.........).......E.....#....C..]sxlS.}6=....~.._.?.;.K..5..)r7h..nV.E.).=.F5.u3.2i..)`......*.....$@.}..] .9W.7......8w...y?....r.OW../c;.v.^.....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\edge_search_events.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2354
                                                                                                                                                                          Entropy (8bit):5.633221367466797
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:RRlHOHSm2ejO/XYJ8ZRSLiPcvfkXKGm3kqZQuVQQBKwv:RSHfz6fEcsukvfqm3kquQUwv
                                                                                                                                                                          MD5:7169C5E4E176BDBE7D40E69398C96FFF
                                                                                                                                                                          SHA1:C3F3A9B8F21C11214E0091F9496207ACE7345749
                                                                                                                                                                          SHA-256:4388582267EE6EDBD053B96CBE9747A736BB564B11BE5C2DFC2C60564C3C462D
                                                                                                                                                                          SHA-512:0FA589D2D41CF5B40C4C96BD4835287221C8A7524EE843A7A4F465FCC310839EE4F2412841AB971AF15000A27E8A76C9B6BF6EED1D25F42CD44364F0F2A84DD1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...9...9...B.......X...6...9.......9...'...B...)...L...6.......9...+...-...)...B...L......GetOption.settingsPpackages.edge_search.search_ext_popup: web view is not enabled or installed.info.log!is_web_view_installed_and_on.common_utils.utils.corev.......6...9.......9...'...B...1...K.....Cpackages.edge_search.on_search_ext_popup_coachmark_exit called.info.log.core........--.......X...6...9.......9...'...B...K...-...B.......X.......X...6...9.......9...'...B...K...6...9...9...9...B.......X...6...9.......9...'...B...K...5...=...6.......5...B...1...K...........tooltip...balloon_type!edge_search_enablement_guide.ShowUi.EventData....onExit<packages.edge_search.on_search_ext_popup_coachmark_exit.EventData..web_view2_ui_templatecfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.html.UiTemplate..UiType.overlay_uiPpackages.edge_search.search_ext_popup: web view is not enabled or installed!is_web_view_installed_and_on.common_utils.utilsQpa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2200
                                                                                                                                                                          Entropy (8bit):5.875568146350153
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:920riK5mljJJVdRquhrp6G5hRCmkasNfK0xxPUCyo:PriKOVJ/RquhrgGHRjstK0xSdo
                                                                                                                                                                          MD5:D025A17244204760C0F7D3A9356E62A5
                                                                                                                                                                          SHA1:AD60FF86E7CC76584907642E341776CEFD1CEC87
                                                                                                                                                                          SHA-256:FB16B671B4A7EDD07CBE8F5D695593F40EEBB30997F8AA1A84BE42375AA4F2EB
                                                                                                                                                                          SHA-512:A5F5EE4A01AC1C352BFBFF71F20F422B80FFB37851F7B68F13FAF570505FFAF3BAB08BBA36701F425DC3B71B5E428A0A6F75F50E2828C1BB6784317F9F2EF063
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..:.......6...9...+...=...K....checklist_showing.mwb.packages.........5...=...6.......5...=...B...6...9...+...=...K....checklist_showing.mwb.packages.checklisttype....checklisttype..ShowUi.EventData....UiType.mwbChecklist.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\mwb\wa-mwb-checklist.html.onExit#packages.mwb.update_mwb_status.EventData..UiTemplate2wacore:mfw\packages\mwb\wa-mwb-checklist.html......$...9...6...9...6...9...9.......9.......B...A...6...9...9.......X...+...+...J.......X...9.......X...6...9.......9...'...B...+...+...J.......X.......X...+...+...J...6...9...9.......9...+...'...+...B.......X...+...+...J...'.......X...'.......&...6...9...9.......9...+...'.......&...+...B.......X...+...+...J.......X.-.6.......9.......B...-...8.......X...6...9.......9...'.......&...B...+...+...J.......X...6...9...........)...+...B.......X...6...9...9.......9...+...'.......&...+...B...+...+...J...6...6.......9...+...'.......&...'...B...A.......X...+...-...9. .J...*...6.!.9."

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 95 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4147
                                                                                                                                                                          Entropy (8bit):7.943867399456676
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:rwd191zRv2ElL3+eYGSRCvWC7P4cHALED9gqwptnaO6:rwdXjv2Yz+mbuuZ09qwnaO6
                                                                                                                                                                          MD5:96E5352C228F18132282903C3CA79F35
                                                                                                                                                                          SHA1:9D7D72FB9134B222D7FFE36811FCC82FAB5FE0B1
                                                                                                                                                                          SHA-256:64BDF768575AFA7B3ECB4786F55F67983F5EFA2A8882D1F0131F8C28F646F5EA
                                                                                                                                                                          SHA-512:992F49CFAEE0692705D769F906CBCF7479FD87D2506D95DACF198E3457D6AC5A91776C710312405A7B5FF651B8C97CB10DD54B5D86DA202B8A1E9CEFC7D53955
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..._...H.......).....sRGB.........IDATx..\.p.......n...G....D$.b.H).2.tl.Vgj.....L[.N;c.T.vZ:.b[;..C<PK....$*.p.B ....{.....mv..Hv...!.?.....{........i.g....~..hnu:...l.B#....4........6t..........$^..|..l.M1u7$....8u...hYy....#..Z...|.u.N.?$..#...n....<..O..j....d*&......*...^x.?.9}...=..^.... ''...J.;.8....]...Lo.\tvtb....gW.k<....._.c.........2.k....NG.....F...FBBB@A._$se@.?}.c...._{......o.l.5%.F....@..:<......._.'.[...$o.....X.x>./X.}.......M......;.a%zzzQtCA..P.<}....B.#..C.7....*|...a...L.-m8..)....V...|..sf*q.j..RPp.r_s.<..:.am.tZ./.7"7;.{..Bcc..-..7.O......^....Y.i>q#.I.>.[.nG]]..'.I..i.............&..o...uy.::....r.8q..a....1.............y4._C\.nZ..{..7.|..u:-.W.Sz...2...[..G...e.7q...\......]{QT...w.q...q.....<.}..QTT..^..?..If#..{..ErR"j....^..9..9.=..x%.lCFZJDeH...d.....9........p....>.C.......q[i).>:...7....#!.=.....V..N...;.........O...C........W....y.ts..x..188.GC%..q..G..-PDSV.....E...47.lhh..5e..+....N.|..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9731
                                                                                                                                                                          Entropy (8bit):4.511171296508002
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:b4H4SSJczePaYszA8XnTMAPVwqAc7g4UM+:MYSSJes8XnTDPV4c7g4u
                                                                                                                                                                          MD5:718CE1B892CEB6151C1A89B418CE8457
                                                                                                                                                                          SHA1:CEA68426F13210D1DE72D0169D6F92D9479272FA
                                                                                                                                                                          SHA-256:D90B950687B7B090A7C2D68341B082564E1054ADA60F9854D6305E7807B1FE69
                                                                                                                                                                          SHA-512:5B1D79CCF7FF9DF295AAA595DD8EC42660B7470794903E9D6DB23A4983F890126814C5DB7F5A265A7ECD0A636CC533FEC8052DA915B83FB31AC0DA5F9A7682A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = _window.getBrowserType();.. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = _external.getInstallDir();.. if (browser === "FF") {.. wbShown = wbShown + "_" + browser.toLowerCase();.. wbLastShown = wbLastShown + "_" + browser.toLowerCase();.. }.. this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.get

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2398
                                                                                                                                                                          Entropy (8bit):4.93822260700824
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3OTFbMv26ITWDE5CFqOcqehQORDe2SVXA:EaEIqOcqiQq62X
                                                                                                                                                                          MD5:C12300C6B42BAAC68B61C8DD1BCCD123
                                                                                                                                                                          SHA1:E0BC246A5783C9B1548FCBCD3973EB73A0020A56
                                                                                                                                                                          SHA-256:3ED4AF8DB1B04416E157A1B3D569156F0F43C1E51AF18B59D17523E26FCC2C8D
                                                                                                                                                                          SHA-512:9F1E39762811D3E8448502D3C8468AA4F4254FB562F1D91B0982F38AF7C037009A1B15FB0A64B59835C0DDD63B93AFACFA3864BED50624943CF802E97A306781
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-webboost-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:m

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):435
                                                                                                                                                                          Entropy (8bit):7.339595422017506
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7op8DZNN+N/mjoPou/d3mFiRWpK2NV9V6/v7CFmP1:lwwN/fPouV3mkWvn9VSmMP1
                                                                                                                                                                          MD5:17F00098D9F726B994583103F81EB7AC
                                                                                                                                                                          SHA1:18DF2437F9019ED8A7E111EEE48E1CA17F3BB19A
                                                                                                                                                                          SHA-256:71983847EA4F7014741BD89DDF4A33AF884A7636414E55912077CC00959199B9
                                                                                                                                                                          SHA-512:2BD4C0C36B43B61E1544C99E4B8B7C46789EDF91206929EF7EB1F7E5E5B810439D2A673E3EDC200BAC295003D544B9B9B94275AA29D3DDE9F5585E550553E6E0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...............-.....sRGB........mIDAT8...=K.A.E.1...&....X..(.....V..h.O.....J.l,l..t.je.."..Z....B.DD..d.f...f/.f.{sov.%.T..a...p....R..6X.O0..;.w....7...,K=V .n..'*C....D[..ds.N.4...W..C..]..}0uM1.. .^...C6..O{.3....8....\...t.#.Fc..eks...x...K.....W..o.}@.N.pH.l..H.E.....ix.....z.1....=....P.SG.y..]CL.p....=.@..`..^..~/.8.,k..5(B.........di.IZWi..t6........&..n.c...4.'..e ...]3..........[....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 70 x 69, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3947
                                                                                                                                                                          Entropy (8bit):7.943205117846418
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:XpIVSotMeomWtuupLHgHzDJhbpmV3G4fNjirxU:mSCJodtwTDJhFu3G4fNWq
                                                                                                                                                                          MD5:744E7ECE73DE770613033AF4C28735FE
                                                                                                                                                                          SHA1:F7598A712AB76AFBFC8B880FAFA9C307D0942952
                                                                                                                                                                          SHA-256:7D324265349E5DF77B3A3A56112E5D13B7A1C9827C4B886205DAB99C279B19E5
                                                                                                                                                                          SHA-512:2BB6285603F134BFC6B3B0AA9B4F97B4156D354558AC3B73CE5661988D3A6516528D79DBCA1F82996BC395FE780F41AF7CF144ABAA3CAFC951C0D3FE0A08B165
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...F...E........*....gAMA......a...."IDATx..\.l\.....zw...^{.qpBB...........KA..Q.P.Am.......j..E .r........P..BI...hP.;.......|....}o.y.g.1.d.y....7.....f....C}........f..gE.Y"t......I....d.>d..O,r.&.d3+.x%..G.J...$...P8.....FC.4!..0A`.fk.a.n4....A|..~.@,..'....7tF...Q..C........d....Y.&2..29.HR"..Fs..L.J........<sZ..0..f..[M.A........?w..FcIJ...l..A..l.H.h.L.Fj...+...L.g.....)..x.f..M]mQ&^.Q........-^..v.....n...Y.-.pN`..j!..N.#..?4*g_.`>.s.h.?I^. W..E.K$ a..M.Dc.....{..z8.."...40..v.+.f.......C..Hb?.H*9..1+.\N./_K...082A...(.%...;H........".....n...=.#%+.&.b`...wP...e.t.......X.......:;..+......../.N.............>o.*Jb.#v...>..].j9g5_.....;8(f.).....V..V....J.Q.g.........>.?.p8J...v8..,.$.>.n..aE..;.m#.t.J.t....wkKY>...\Q.e.Rg.....1.....Dc..&EQ4.....t..."......'.?.&.c.I.....I..:.i...:...9..UUg...z..kw9....7;.O..xVq[...s~{..`.SO..E.....n]..gv..w.ib:.F.>...Uhi...z..p:r.].+]...U.m....ZB...P..1mm{....9.a.c...:..l.....=v.g..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):301
                                                                                                                                                                          Entropy (8bit):7.008936185757553
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPfAlD5bn3S1bu/6BIMYE00yLbOxD/WeahrkSiuBZ4dp:6v/7HAthII3MYEJ41lBiuBiz
                                                                                                                                                                          MD5:B437E1CC057558224FEBE4A96FE66CB7
                                                                                                                                                                          SHA1:DECA512775F0FF42BB1B6F734BDDD07DBCFA0AA6
                                                                                                                                                                          SHA-256:5F233229050143BA35B24A5DA5E1DB5F2ADCFB0E0F2B78707FFEAF39DAA19249
                                                                                                                                                                          SHA-512:EDACD7B9B7674FABB02BA5CB3B2BB5156C992C95715A71D6415353F9B62E9936335F490D2AE4CE7D58DBA68AAFC583AAEAD482D25DFAC459879CF289E2EBDB0A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................a....IDAT8....JCA..?.[...$..+.........|....BD.....i.*..V..h..+.>....*...X.s...f ..U..X}..B.U.s~SX.}..2..=.........0Q...D]U{.M.?../..}....... .eu.x..~.6..3`% ....y....+..BP../..8.)pm..\..M.h..Q.....-..Y.....u...T....S..0..e..%....u.8].^.........1....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6035
                                                                                                                                                                          Entropy (8bit):5.764128715208747
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:iGHQe1nDk6k/Lap8sPnYuOKWi4s0reMRkyi0DlbwOxjHXExCDw:Ce1DkFsPnXLWRs0reMRkyi017xjHXExP
                                                                                                                                                                          MD5:7482EABE836445A6C8FDA14A4E353014
                                                                                                                                                                          SHA1:C176AFF8F7129E9B691A3F6B5ED52F501AE2101B
                                                                                                                                                                          SHA-256:C7D0F5B0E46EE308C4FC511F3CCEC0E7A4038B7BCF02D9B3C3681A268CA7A888
                                                                                                                                                                          SHA-512:E6EFAC00A5A8BF329583A1077B73E74F2D94903F5F21473CB48D0A4D2B6CA57297CD8CC51D11757A014A88839CD97AB16B381D4A69C341BE2D6222976D29763C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .info.log.core.isSurveyShowing.nps.packages........#6...9.......9...'...B...6...9...+...=...5...=...6.......5...=...=...B...6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .isSurveyShowing.triggerType.shownTimes....shownTimes..triggerType..commandName.showNPSSurvey.ShowUi.EventData....onExit$packages.nps.UpdateSurveyStatus.EventData..UiTemplate2wacore:mfw\packages\nps\wa-nps-checklist.html.UiType.npsSurvey.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\nps\wa-nps-checklist.html.nextSurveyCheckTime.nps.packages![NPS] TriggerNPSSurvey start.info.log.core..........6...9.......9...'...B...*...6...9...9.......9...+...'...+...B.......X...6...9...6...9...B... ...=...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9...+...=...6...9...6...9...B... ...=...6...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (458), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26004
                                                                                                                                                                          Entropy (8bit):4.106993065693765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:toM7vbmeN/beqwi1y42ykBkbae2vx3D00:+Gbm4i+1M
                                                                                                                                                                          MD5:4A4FA65EEE365D21F9472C766BCEBD07
                                                                                                                                                                          SHA1:BAA05813862F4458C37DAE97612CB4400C7A9612
                                                                                                                                                                          SHA-256:D1C2AF320923448FA198A84A10CB85EF17E6932E15A41EAAC1BBF046257D9B48
                                                                                                                                                                          SHA-512:C2699F065E347AA8066E8BE307E7DB6FC72B619D933B611710D12EF094B2A2F458A7D10D26756BF4E4F1438ADE15E3B927057F3D6ED99C63E2FEDCC29739F102
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.getArgument("template_args"));.. if ($(window).height() >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2305
                                                                                                                                                                          Entropy (8bit):4.925005434064277
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csY0TlGNVMz7tVMz7EVMz7VMz/VMz8AVMzjVMzJVVMCFqOcO/TP3G+PxCQOR1FEg:3XTFMv26ITWVMCFqOcqehQORDEsD
                                                                                                                                                                          MD5:BC8B8A7112D4C26814EA5FC4EF0016AD
                                                                                                                                                                          SHA1:C3BDF889D3A0C6C22F6177CE92BD3E375EE23EB5
                                                                                                                                                                          SHA-256:AB05C74F771C1B31157779B7BC7B761A30B59967340BD14F288909A752046123
                                                                                                                                                                          SHA-512:57B13FB0C6AC3A1140AAF9A8DD5C72D7F7B9F9D9B6B39EA93BE00833FD1C65E31D988A7E1C643561D4A898BD8443E81A4563BDB7CB0BEA93F0C5CCD0665EBDA5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="wa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):477
                                                                                                                                                                          Entropy (8bit):7.351051330229087
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7y2VDhNOYjroguA84jleUzz0BDdbNSp42duo1:wVlYq7kC02yNSp5Qo1
                                                                                                                                                                          MD5:8DD33EC0D498CB6C2FAA490D5FFCAB72
                                                                                                                                                                          SHA1:E278EF1E92293D41820D83E115A7195E30509BAA
                                                                                                                                                                          SHA-256:C43CDCDA1172EA4E55CD6725B5FB3B0F2ED9F8AC2C3DFAB3CB5A927550C00492
                                                                                                                                                                          SHA-512:20257C6B39D94376C69118E91480F101B96E168E0C1AE599E505E76C4785A08C7CEC0297B84B8FB99EC690C16FEBE8985C8558AFEE13A7503D053760FB52B242
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d...ZIDAT8O..1(.a......QJ1... ....2.3..`R2.u...*.h1. ..,.1...=..9}.........y.._....E..M...%;j....}|.Z....m5........;..,.v.l6...X....^].F./{.q.-V.0.sGaf...\.S.*WV..7.3f{U.A......Q.....L..%.Q..\.'....M.Q.lOn~.;.p]s...j.....5G...c.QV|a..(....1.+..W:.2l;....b....)7.3`;.....Z...Y.....KY.V...Jx.V.G~..V......+.!..U,.........|.O|.s.`...'I...-Ps4m."....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):621
                                                                                                                                                                          Entropy (8bit):7.440301212402691
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7y2VcCkoWVpXHvC+N3Pei2PrEyBvatOrED0uapdvoXP:wVZk/9/ei2D6d07m
                                                                                                                                                                          MD5:CAE22AF422FC994E24E8CCAE7ECDFCD2
                                                                                                                                                                          SHA1:E237654EE11A51773BBC840A27F79D6EB2DB0000
                                                                                                                                                                          SHA-256:48B34A024F5B925DFB6B8973876708BDD49B363712E74981078661D638E8440B
                                                                                                                                                                          SHA-512:8A818292FB67F81A7339DC2866EE5884DBF5DD97707F6567F4B1A6DA7CDD8FE8ED8BBEAB04CA610FFF2C1B80C36A1873ED331187FD9A8BA8734DBAA401076379
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d....IDAT8O..1H.A../!Q....@@kI.H...AmR......w.'.W(j..UHa%H..b.(....R^.B,...!M .I.B....x'..`.._.....y....U.e.D.4.D..Z..Z...I.+...B...i~.R.=.2.Ci...3.zw.c...;...n.ju...(.G.e..(}..<w...Y.R.b..v}.='0.V.^.tQy..,rf"T.B.Ry..&..._sQvw...%g$p....8.8...,...R.I..........'......g..m..^F.7N..Q.i.....<..O.8....y..<"..I}...,...*...<R&...s..;\..J.'8.G....f..o...l .^...(e^..;..t.._.....F%...k$.......:.'..u.n..g....@..N...E.....m....4M.\Do...H.b^?...t....}.......}Ahl.G....~..>.@..3g..U(\.Q....L......IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7069
                                                                                                                                                                          Entropy (8bit):5.1158379235764695
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:OWZxXMHRMroWa7b6xEgPGquAED+YhAAA8b89Y/5Pbqx51E5hh565/M7buH0eFDeW:OW0H28Fguf+y89K2kCdMunbH
                                                                                                                                                                          MD5:DA38A5E3FA021CA0E9369FA61CC3C877
                                                                                                                                                                          SHA1:6DF68EBE3079FB3A73204CF97ABAD6BAF5A487ED
                                                                                                                                                                          SHA-256:1E1599C4C24FCAE4F1A19B19BF21277D3210D6A3ECF155B767940A628C890223
                                                                                                                                                                          SHA-512:6FF562D1E2577294FDE65240B177FFBA950D90AD26421C4AC1D5B3DD6BFB892D7AEB916E23F78FD55FC3108E30C67CD4246204E467124C3A422C7E10E0B82219
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. width:fit-content;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* v

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3649
                                                                                                                                                                          Entropy (8bit):5.081162908198535
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:jMsaeRv26XbWZNG50ybUYoA1gPeaNS6cD2QXIan75FfEl:jDbGNw1AYomgPeaspDfXIandO
                                                                                                                                                                          MD5:2E0C29524877E42439C96690D076A58C
                                                                                                                                                                          SHA1:971F598A61BC322699CA2BBC121603AC0E3908B6
                                                                                                                                                                          SHA-256:A3CD22B2F53A0BF69A217D1B48CF1627F7B26BE33E0C1083D11A71503AF09DB4
                                                                                                                                                                          SHA-512:79131D93033948B63559F074139E5BF7B4E898FC07341D77968A5F9C5B453709CDE48E14BB680B8D757E5C1D0D2CC8E0D5ECCCDD2C48AD19DEE28DC8A8F92EF6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\pa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7536
                                                                                                                                                                          Entropy (8bit):5.116758318348117
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:lAvUEJU5h6oVXuVdDE6hYkBaWPwT0JrrvG10qAvlaVXkfldXF:mvhJYrV+fEGIj1bVUdtF
                                                                                                                                                                          MD5:5E844B469ABBDEDFB4DA21AC1E37A143
                                                                                                                                                                          SHA1:760A76CD1476D6D9642DA62ED433FB09FC25E28B
                                                                                                                                                                          SHA-256:3C1972F7E069789006A13B076526748E2804A852CC3CB963BF16EFB0CF667F6E
                                                                                                                                                                          SHA-512:21E0BAE0F3C42C0C25A657A1D9F440474709760BD5104C4136F8089A85F2D6E4308F1EFC22263EA3593BD5556085B27B9D995FEE7F58C2B0C7B28770DAC7EDA6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. version1: $(".version1"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. feature1Label: $("#feature-1-label"),.. feature1Name: $("#feature-1-name"),.. freeLabel1: $("#free-label-1"),.. feature1Desc: $("#feature-1-desc"),.. feature2Name: $("#feature-2-name"),.. freeLabel2: $("#free-label-2"),.. feature2Desc: $("#feature-2-desc"),.. checkboxContainer: $("#switch-se

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1238
                                                                                                                                                                          Entropy (8bit):5.704980533812439
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6wBTG+3j9qlatg94bXSx7ngIdMKWF8gGX5p0TA5+CUTm2X+0XLYJAvM2:BBiIj9qlatVXEngJKWqg8+CUTvxXLqA3
                                                                                                                                                                          MD5:7B318AA9AEEF6B2FC46F676281E71CA2
                                                                                                                                                                          SHA1:C35493B7AF124AA746F60E39DA5B9A0100FC49E4
                                                                                                                                                                          SHA-256:2828777A6FE9009E76598C92530A3B9215918A4392CC6AB5FD5540A833E3B8E7
                                                                                                                                                                          SHA-512:51B21277A6EFF823E90D9BA6AC2CAB7932219014B80D1889507912703D12582CAA5016F21977125C65B21F3AABA0EB1DEC41ABAC654DFE70550520A8A8C3CB21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........J9...6...9...9...9...9.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...)...B...).......X...).......X...6...9.......9...'.......&...B...K...4...4...9.......X...9.......X...9.......X...6...9.......9...'...B...K...9...=...=...9...=...9...=...'...=...=...'...=...6...........B...K....ShowUi9wacore:mfw\packages\webadvisor\wa-amazon-upsell.html.UiTemplate.EventData.amazon_upsell_toast.UiType.toast_cohort`amazon_upsell_handler: amazon upsell requires toast_count, amazon_extension_status, and url.err.url.amazon_extension_status.toast_countEamazon_upsell_handler: amazon toast upsell is disabled, cohort: .amazon_extn_toast_cohort.GetOption.SettingsDB9amazon_upsell_handler: amazon upsell only for Chrome.info.log.ch.BrowserType.BrowserUtils.utils.core.Browser........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K....upsell_amazon_toast.event_amazon_upsell.register.handlers.a

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4661
                                                                                                                                                                          Entropy (8bit):5.817994241035366
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:XE0GptOJE462KfH+ge9YYdWkHm18LbWQY6guNx6gk:Uf8Ej/+gKPWkq8XPYduNx6D
                                                                                                                                                                          MD5:FD3B335D806C8CAD98DDA121CEB7B977
                                                                                                                                                                          SHA1:A4D7D3A76EF0FB23AB8480D06CD3EC8E5056B0A9
                                                                                                                                                                          SHA-256:696A025E9730DE200A85127C3C2253E1AFE7D9F836291A22C66137EA5A968A0A
                                                                                                                                                                          SHA-512:18E9BECC79A56B7DD2B9C8580F79EFDA28CBDE50FBF2662A60EBACF863FF869BC412345E960CEB804A96C7F6EDA2B66B01875A9072EB4C039025C36BFD3C57F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........5...=...=...6...........B...K....ShowUi.EventData.UiType....UiType..web_view2_ui_templateJfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-checklist.html.EventData..UiTemplate5wacore:mfw\packages\webadvisor\wa-checklist.html.........5...=...6...........B...K....ShowUi.EventData....UiType.downloadWarningToast.web_view2_ui_templateHfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-dwtoast.html.EventData..UiTemplate3wacore:mfw\packages\webadvisor\wa-dwtoast.html........U6...9.......9...'...6...9...B...&...B...9.......X...9.......X...6...9.......9...'...B...K...4...6...9...9.......9...+...'...+...B.......X...'...=...X.).6...9...9.......9...+...'...+...B.......X...6...9...9.......9...+...'...+...B.......X...'...=...X...6...9...9.......9...+...'...+...B.......X...'...=...X...'...=...-...'...........B...K......checklist.showChecklist.showUpgradedUserWelcome *DisableUpgradedUserWelcome.showCryptoLearnWelcome.*DisableCryptoLearnWelcome.CryptojackingDisabled.showNewUserW

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\chrome_extension_push_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1682
                                                                                                                                                                          Entropy (8bit):5.571913634634723
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6ICRoYslDAbfu+oqxMdiyUZXuUBRCziQGePQ6NNL9aN+j/bOJjI:+YkbfuhxdiHuUKtGaHy+j/bOJjI
                                                                                                                                                                          MD5:E5766C1FD44D8EE493D5202B0A9E93F2
                                                                                                                                                                          SHA1:507FDC8FB49CC2AEFA89F1239BCF688B00AE936C
                                                                                                                                                                          SHA-256:ECD2F3584E6E28DF0ACB3A8996FFF3CC8E02732A38104B1FABC8E3D4504FD6D8
                                                                                                                                                                          SHA-512:6F9E9E86067F257DB424CCA0E9BD84780AECB0DA37F20447C00DAF80D18288245AD37C88B0906CD5E449069D944B64CEE6AE9C49D8F46A3089B7A6A585CDA8B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........&...6...9.......9...'...B...6...9...9...9...9...9.......X...6...9.......9...'...B...6.......9...'...'...B.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9.......9...'...B...K...6...9...9...9...9...9.......X...6...9.......9...'...6...9...B...'...&...B...K...6.......9...9...6...9...9...9...B...6...9...9...9...9.......X...6...9...9...9...9.......X...6...9.......9...'...6.......B...'...&...B...K...5. .9...=...6...9.!.....9.".....B...6.......9...'.#.....B.......X...6...9.......9...'.$.B...K...6...9.......9...'.%.B...K...!chrome_ext_push_handler: endRchrome_ext_push_handler: Failed to trigger LogicMsg browser start on browser.OnBrowserStart.encode.json....Reason.browser_launch.IsExtPushTriggered..Browser.., no need to engage1chrome_ext_push_handler: extension state is .ext_no_entry.ext_enabled.ExtensionState.ch_wa_ext_id.get_extension_state.browserSettings. is not supported.tostring&chrome_ext_push_handler: browser .ch<chrome_ext_push_handle

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 170 x 167, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5286
                                                                                                                                                                          Entropy (8bit):7.918352410896778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:VadOXrG7NapBuqn5EVYrylb7le57jdIt5X/pu660z4GKbAkhYaPQGflW1:B7smri6ryhGGX/JNzoAkhjYGfe
                                                                                                                                                                          MD5:992B99090456FAE196C91BFCA1630D5B
                                                                                                                                                                          SHA1:5079D7427DB7384162CFD4917A87D1B9C3235A55
                                                                                                                                                                          SHA-256:F86960D443E848E83A2BA3B27B68EE488623A6E6E80E74594E69802FC472AC8C
                                                                                                                                                                          SHA-512:80A8DACF479B444979889F0D9B5DDE429AA794D8D7E1430B4555571513FB3FB5F6F950B2FD989A7DF9B4EBAB7ADE271B5C8A635C4B247FD9D3D97EA96FEA0AFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................\....pHYs...%...%.IR$.....sRGB.........gAMA......a....;IDATx..{.T....{.a......GO6...*E..`.n!<$+L$.ML...X1.qe..V........M\.2C.v.'....uf...$.Vx..0.. P............}o?.....3}ow&...;...HA.ljYLzj..:Q.........(."I.LOj........Q4q..)-2....\..>_.^."K.|.f))H..F.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF...'.V5..b.G...4.Qv.a._..21...4...=...g...WD.....\.......d;.....6......D..N$2........3J..2J..2J..2J..2J..2J..D.r.t.-T*..n..OS.......C. .....r*..^5...E...n..%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%.[..fc.....:.g.0..Su.%^...kkg'.Z]K[...).?H...N|z...[..v.z..........x.>|8UVV\y.....X..xf..g.....5v.r..?_@..K..N.(g..?....o...cFSuu.F...kcE..V.....o.LRY..9j<...i.>...>S=.n.i.x.....k.......VB#.ow.b.X[...^.3..w'.#......P....}.....<.T.F.b./U;.n.{B.8.v..t....rA.W.....[......h..5T...<U.Pg.Pk..5.~v...J'.B.5;.ijv..vB.Q.?.-.3u...R.S..kj!].....H.T..o<Pr..PE.eO=).H.I5 l{..I7.d../V....N.Q.P..E...u..E

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1239
                                                                                                                                                                          Entropy (8bit):5.772003971685495
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6uhfXWnvmJJdPObNlpwgMT9CFbzxX0TA5js2X+0XrB2T:dhfXguTdPCFM4bPjNxXrMT
                                                                                                                                                                          MD5:68179B44FCA2D4E28A150AAA035C55F6
                                                                                                                                                                          SHA1:3FDAACAF09F869EE78C8B8FC98AB4E1C6DFB1F61
                                                                                                                                                                          SHA-256:11E9E1FB984B24FC1191FE78F42BA82A0679EA6CE850B2457EDFE94503FBB38C
                                                                                                                                                                          SHA-512:EA6048A3BF9B3DD1A277184C1EB4AD697CA97F70AF680E8224FE315CBDD61008D89AB0FC9C31629D63697527C93C865E561C45FD791B4FFB349EC356ACB447CA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........<5...=...'...4...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...6...9.......9...'...9...&...B...9...=...6...........B...K....ShowUiEshow_ff_extension_install_toast: got implicit close event name: .implicit_close_event_nameRfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ext-install-toast.htmlCshow_ff_extension_install_toast: got custom WebView2 template .web_view2_ui_template.web_view2_template=wacore:mfw\packages\webadvisor\wa-ext-install-toast.html.tostring=show_ff_extension_install_toast: got custom IE template .info.log.core.UiTemplate.template.extension_install_toast.UiType..EventData....UiTemplate..EventData.........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K...$Builtin_InstallFFExtentionToast*EVENT_SERVICE_InstallFFExtentionToast.register.handlers

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):407
                                                                                                                                                                          Entropy (8bit):7.1407976551071055
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/74/6Ts/+smsfwZQlyCzDSkG+ZlfDN+y9X:x/6afkRChDZ1DEy9X
                                                                                                                                                                          MD5:52488EF2BAA65366C96F39947B5CEC32
                                                                                                                                                                          SHA1:580C1612E3D607EA8C3C83B03285ED6B5E5AFC23
                                                                                                                                                                          SHA-256:C0E9102EF0C19E55052516B7B11F95E96A13A93A19DA66328DE5B66740CE4A4E
                                                                                                                                                                          SHA-512:0D54D10933E441EB624CCE78C293162AF8150134199D7C2AA54554476CDB70983A3CC069B23D3C93D736612C80EF6C31CA1842EB72385FA4BE359A40F36A5B67
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....,IDATx..k.P..H.....;.P:..Z....[.QG.I\..]}L...... 8..........1W1\|../8.....|9.;.r.@>. ..(HZ.%'p.Y..;...[..r..m...Z..&.l^.....k-B...Pk...~?.....{.....b...f...}...ty..C..`...@<..,.]..R<u~.{@f=.w.<..x|.zsjq V.......I.KC<.}.....V{.l].Lg2..v..m!c....@g..-.>...@v ....L..l.y.>.)....."....%....P*........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 148 x 50
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1686
                                                                                                                                                                          Entropy (8bit):7.777921392960299
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:I/sUg09pp/qKHlZpbkXt8K7n5bTh5lTdAiwy9QntZ9C:onJpp/qKXpbU2g5DlT+i9QnY
                                                                                                                                                                          MD5:DFD80EC6F7EE421AEAF3F785922438EF
                                                                                                                                                                          SHA1:DD3FCFB2BF921A6C67933093B1AE64CA23E1AF26
                                                                                                                                                                          SHA-256:FF31AC8E9802988BE162D31CD350711F460E8AB292CC45950C202ECD1A8FEEAF
                                                                                                                                                                          SHA-512:8391CD280487F73F7FDF5529BB6677696BC815DC99ADD5AA229EBE1B569B94C1D8C5370A86C0665F5F20CF918325B23338EAAE347FE441550C0758A687297C06
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89a..2......'.....-..&..,.."..,..(.....-..!..&..+..(..5..)..(..2..$.....!..2..&..*..+..1..&..... ..%..0..6..*..&..+..0..-..:..5..+..0..2..-..5..5..;..@..6..7..=..?.#<..>..E. C. >.#@..<.'H.$E./K..N.*S.,J.6I.,O.1K.+@.+N.1N.)W.4W.>J.9R.;P.6W.=Q.:V.DW.A[.GW.>].HS.E^.J].Bc.EX.Mh.Nc.J[.Re.Pg.Mg.If.Pb.[h.Ls.Mm.^o.^u.]p.gt.dt.jy.g}.qz.u|.{{..~.x..{........{.............................................................................................................................................................................................................................................................................................................................................................................................................!.......,......2........H. 7Z[<DX......#J.H....3j...a...B..)O.?~.....J..........8s.....@..MP...HM..._.. 4x....X.j.:..Q."..S........a.*.p..I.(.....O^...6..Pu...}............A...3kF.x.g.'..........`.....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 27 x 50
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):369
                                                                                                                                                                          Entropy (8bit):7.019028949718389
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:aPd7Wm9a7S6xP+rDzujMhsACN1brSF+dmz0fmBDbf92buPamIPW19mW:aPd7Wm9a7zGDu91Ppdmzka/f8bQasX
                                                                                                                                                                          MD5:3D32D5CBF24BDCC2C74E876AAD4C19A0
                                                                                                                                                                          SHA1:E4F405F07DC0D870A2CF4E5EEF48C91393676290
                                                                                                                                                                          SHA-256:7456A5B53B0E7BAD980926BA86EF437ABB19F5C2D397031C83B27198DEA3C5D0
                                                                                                                                                                          SHA-512:DB97E6E8E062B75FE46D49558BDA19674AA574476F85458A22A536FD07384618524007342098E5FA095532A2D8CFC2612CAD0AD77AC406E5C12029E48F112830
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89a..2....................................................................................................!.......,......2.....".di.Y..l.bp,.tm.x..W...`.B,...r.l:...tJ.Z.X,e..z..xL....tZ.n..pxdN.....^.........................................'..#..................................................................................................&.....#J.H....C..;

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:GIF image data, version 89a, 2 x 70
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):361
                                                                                                                                                                          Entropy (8bit):6.510176350874939
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:DvjkRhk/NruDE9Q0QVlMjlFGCyzVwFECgVp/R5i9pNoj3f31XoB/fNfkc/:zjkRiFrFQ0QELV8VwFELjZ5ii3f3No1z
                                                                                                                                                                          MD5:2D1CCF8BB4F2013151F9BEC12542D9A5
                                                                                                                                                                          SHA1:9AFEE504C285A2FD7B09BA3AA745B3CD4AEA3ECE
                                                                                                                                                                          SHA-256:8CE5E1DE817FCEF6618DC2279753936423A975ECBA3C28732FE0CF0DAA52E1D3
                                                                                                                                                                          SHA-512:C640B6921D144E76417CCB433CD7B0359FCB8298E546454AA31067FF70D4356DB86A223C83E70F2C43F46420CC4D6554834D3998150DD2D6257F65F8F7708942
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:GIF89a..F..2...$..$..$..$..%..%..%..%..&..&..&..&..&..&..'..'..'..'..'. (. (.!(.!(.&&."(."(."(.#).#).''.$).%).%).%*.%*.&*.'*.)).'*.'*.(+.(+.)+.**.)+.*+.*,.++.+,.+,..........................................!..Created with GIMP.!.....?.,......F...q...).V..+...0....XX.j.J.P...d2.H..H$..@...C.p8..F..`.........................................................A.;

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1059
                                                                                                                                                                          Entropy (8bit):5.249212112534314
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UoZR3xQiD3RJMZcUhiLKyFc43bZApRmWo0p+oh:xmp5UoZJxBTM3Q3SDf1o0pL
                                                                                                                                                                          MD5:AE88695F4ADDD20D33EA6AACBB7F1D25
                                                                                                                                                                          SHA1:8DC007E69E01A3D1BBD2153733104811D5140886
                                                                                                                                                                          SHA-256:A2B29F3671BEBA78918FB3CC82ADB90DBE501BECF1B4495359032B10E06DD3FD
                                                                                                                                                                          SHA-512:DEC7230018A67EFF845138EFB68700034A003A4402AD72757E1C97784F108EB0D1FFD3896E7B262318444E75B2D90C87644E69EFA1CC76CE5D595155A332BB7F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....balloon-chevron {.. height: 20px;.. width: 20px;.. border-top: 2px solid #E6E9F0;.. border-left: 2px solid #E6E9F0;.. position: relative;.. top: 10px;.. transform: rotate(45deg);.. background-color: white;.. z-index: -100;..}.....chevron--centered {.. margin: 0 auto;..}.....chevron--right {.. left: 337px;..}.......balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//0D423BC8330C17B5B4E4C044594DC91C3192F1BEC8579C99ABEF24DC5D02DB03B0A7FFD

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1585
                                                                                                                                                                          Entropy (8bit):5.2846423292021445
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:LswDjYlGNVMr7xnVMr7EVMr7VMr/VMrlpVMCrNM/QogXORMeu2J68WF:oOjmxuneCKCEQxymF
                                                                                                                                                                          MD5:ABF7554B9F2E6199B3DF205DD0BB1084
                                                                                                                                                                          SHA1:795F0DCFDB12CD34411F0F24E165D7109B976E15
                                                                                                                                                                          SHA-256:854F591ACDACB13376410E99F5D9245BAC0FE293D15DC03982919C3F2C51B979
                                                                                                                                                                          SHA-512:046ED98143B13CCF173EA5DBA1650C63A4EA23BDB98F1C562B0CA5218E18C1F2AAABCFC1E055DC7F743A8461156D8BF770D1045532A0A52043A095FAD149CB62
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.js"></script>..</head>....<body oncontextmenu="return false" on

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4111
                                                                                                                                                                          Entropy (8bit):5.083124051310355
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:T0AmdonK4uoOPV1PixEeB0NufP9SdaQbXkTJsR:AATK4bs/jeCQS9bXt
                                                                                                                                                                          MD5:473EE8868F2C6C123846FEDDEA5D8220
                                                                                                                                                                          SHA1:3E4FF22A368CC8A7191615C1EC7A98FF30A4336E
                                                                                                                                                                          SHA-256:90B448842B7527F46D92D7F359957DB5DCDFE4F0600AC864D950BCBE8560A339
                                                                                                                                                                          SHA-512:7ADAD4C83DAC4DB3F7CB10163EF5A8A41DD66840BC7F90D02C175924A40A7394C36C594507B68267BACBE975868E3BC7D8BD058BA4CADC93548BE6C0760C7BAD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1660
                                                                                                                                                                          Entropy (8bit):5.235995809978379
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xmp5UoZJxwqqZlmlXMwWlYAlCiIpcDFru:xArxzqvmfWlYAlcGDw
                                                                                                                                                                          MD5:FB8EF52C258FC344B95AA5BFDD8AA77E
                                                                                                                                                                          SHA1:7A64338DE9C5891A0C43FEEE277E318338495F6A
                                                                                                                                                                          SHA-256:C2613A3876EB168728CD4FF9933EEB0FC6D079B265A5A2C83A1CBF535261BB50
                                                                                                                                                                          SHA-512:39FEAF64C8764A02659261F6AC21E0CB1A3F05F733B1721924FDDFE705ADCA7F536595A9402CA4E48C800CD68DCB11BF5E2DA76F4930D7E48A5A8F1A01D19FB9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. height: 255px;.. width: 505px;.. border: 2px solid #E6E9F0;.. border-radius: 24px;..}.....balloon__card {.. background-color: #FFF;.. height: 100%;..}.....card__content {.. height: 100%;.. padding: 24px 20px 24px 24px;;.. ..}.....content__images #wa-logo {.. height: 17px;.. position: relative;.. margin-bottom: 10px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. padding-left: 24px;..}.....content__text > h1 {.. font-weight: bold;..font-size: 24px;..line-height: 32px;..margin-bottom: 16px;..}.......card__image {.. float: left;.. height: 100%;.. margin-right: 24px;..}.....ca

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2027
                                                                                                                                                                          Entropy (8bit):5.174314651406783
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:LswDjYlGNVMr7w9VMr7EVMr7VMr/VMrlWWrVMCrAedmsQ26qK/OFhItaIwV/qIPN:oOjIxneC4WCCFy26qAqIMImqIuNZEH
                                                                                                                                                                          MD5:C61D30E433E043A81964C66234189A36
                                                                                                                                                                          SHA1:A4A60D150AF521EBB07AB860A377D9188618448B
                                                                                                                                                                          SHA-256:05B8A62D01E2582B7FC61F06C7C5861231BEC9EB60343627053E973F091E1063
                                                                                                                                                                          SHA-512:1313BDFD44F075966364FB32102C9690C2DE8FDCC8E3218FAE1C6199E50254B8D863ECB278149279DC045E280B97DB3E9F0DF91BEDD169E42CF7CB8A2145C11E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\new-tab-res-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.js"></script>..</head>....<body oncontextmenu="return false" o

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3498
                                                                                                                                                                          Entropy (8bit):5.173544369475828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:m5Y7fVMKxAX955IGIyy8CJ/Z1gu0VKz1hauWSvAM0w4SVzz2eE/NXkN1n:n3AXKffHguIKz1hauWSL0WVf2bXkN1
                                                                                                                                                                          MD5:A79B65FF309360695882F58E59B1041D
                                                                                                                                                                          SHA1:7041D648B9476BAE73A68C6AD64855DC40B970B9
                                                                                                                                                                          SHA-256:C2FF635BC8A1240BC781F33B05053CCDEFF3E31861107E23B47B1FA2BB577510
                                                                                                                                                                          SHA-512:BF9BB26100EC477D0992F4E8AEA7FF11BC79D0128F9F26F7303EB81891F936A683C2224289022431C47C4233A93CB7BD959894B28289C62087130629BFB940C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new_tab_main_logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 155 x 252, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9836
                                                                                                                                                                          Entropy (8bit):7.914414293589123
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:4SzlM0MAc3Z+8WM/h/Cl3oKSo5i1TL999zhgwfnt1ztUOTGgz7dEM:/zYcc/Cl3nSoIxL9XuwVhtUOTGy7dN
                                                                                                                                                                          MD5:89FC18BBBA9A69CFEEBFB5ACC4E9089C
                                                                                                                                                                          SHA1:1FC704BA2ED65674BC9DD7B7D882D8F588C1F898
                                                                                                                                                                          SHA-256:DDC5EB8EEBD2874C5774A4266EBF0A064FCFBF94A34686839B3FDF7E73235F62
                                                                                                                                                                          SHA-512:12099A1DA49A4AEA5A5BEA2E41C94E8151743191B48AD6B0F099B43A3532FA57ED7D335C9A2748BAC7F43C11212C04CA63D42E38B0D278C20A3A0D2DBB49A632
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............`..n....pHYs.................sRGB.........gAMA......a...&.IDATx..Y...y..........")..J",J.ER..(mh......a....~X.F...v..z..#|...."%..D..i.4...%..@..qc....g.3.*.2....{.s03.lTu.=S...jr..9..b.. .!Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1R.....Jp...{.S....c0.~.V.(.ef..4<.....k'l...y.v....jDG..=G.Y...~.7.........|........m..+4.........`..b[&..#4.7..YX.........Z....m.8v.| ......J..f...'.."..J.lX.0....?z....n'..}...dPl]...S.....`%.n..p+.).........../o.l*d.;...>4...._.".tPl]D....3{...<.....eVA...f......{.C..Z.nO?.*.tPl]......F.....IB\^|.......n%Pl].$4n.U.lb...,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\overlay_ui_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8509
                                                                                                                                                                          Entropy (8bit):5.661293428262151
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:NLDvJHOV9mMOoxNkya6eQ4fV356VPUbkOtxO:NLDvJHs9LWB6eTUVMbO
                                                                                                                                                                          MD5:98EBCF3476AB4A6BD3073B2CA58248A5
                                                                                                                                                                          SHA1:96D26050B42BCB8ED858EF5A039E8A0350C0FAC4
                                                                                                                                                                          SHA-256:D2DFEE520D072EEF92D196CE3BF49EC3F7F19EC915949AE38449A13CA694116D
                                                                                                                                                                          SHA-512:2242B693060CBA1969F6105D7468CB55FF9D5989E081A12012D71022489C1A6D22E73F290483CDC0A2330604F4E354CB76977AE0C0C2AD98D38D02D50FA0A9E5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........-...8.......X...6...9.......9...'.......&...B...+...+...J...6...9...9.......9...............&.......B...+.......J......GetOption.SettingsDB.utils3overlay_ui_handler: Not a valid browser type: .err.log.core........66...9...9...9...9.......X...6...9.......9...'...B...+...L...6.......9...B.......9...B.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...'...)...B.......X...6...9.......9...'...B...+...L...+.......J...Doverlay_ui_handler: edge onboarding from process start disabled.edge_onboarding_option.GetOption.SettingsDB,overlay_ui_handler: Locale is not en_us.en_us.lower.GetLocale.utility,overlay_ui_handler: Browser is not edge.info.log.edge.BrowserType.BrowserUtils.utils.core.t.......6...9.......9...'...B...1...K.....Apackages.builtin.on_search_ext_warning_coachmark_exit called.info.log.core........P9.......X...9.......X...6...9.......9...'...6...9...B...'...6...9...B...&...B...+...L...-.......X...6...9.......9...'...B...+...L...6...9...9...9...B.......X...6

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5962
                                                                                                                                                                          Entropy (8bit):5.806694956330883
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Nr9fZOY+cM0cyS6fJ8YfrmJ/zAbWIYCx7B3it0BZkJzg9g/0pRu0heDBoQSQPJdQ:t9fX+VmS6zfrIIYCx70cZkJ09g/oxhew
                                                                                                                                                                          MD5:402C57B5A5B5E7DBABF63513B218D74C
                                                                                                                                                                          SHA1:AD550C41A36203F82734F5BA9D43521FD437AE64
                                                                                                                                                                          SHA-256:7003380895DB75B85AB96EC37E4DDB8D458C8A714F0D794D88C616D79E3AACF0
                                                                                                                                                                          SHA-512:AD7DE3917D1B1FF9D8065D7F57B2807B03037C30F2A0478198D01E35E009270C2FB0AC9C09F5A22AC71CF6491D7AE6A5D1BE321FB2154714BB8DAB484E3C89D6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........!6...9.......9...'...6.......B...&...B...6...-...B...H.......X...-...+...<...6...9.......9...'...6.......B...'...&...B...F...R...K...... removed=packages.builtin.updateSSToastStatus: toast for browser .pairs.tostring6packages.builtin.updateSSToastStatus called with .info.log.core-.......5...8...L......._ie._ff._ch._msb._edge.........5...8...L......2Global\{8DB68CEC-1C6B-46B8-8808-90838C14CA3F}2Global\{F84F0E05-209D-427A-A977-A5AEAA90EEBA}2Global\{64C7DD73-FBD5-4B1B-8A82-B49950F36A97}.........5...=...=...6...9.......9.......B...6.......9...'.......B.......X...6...9.......9...'...6.......B...&...B...K....tostring:Failed to trigger LogicMsg browser start on browser: .err.log.OnBrowserStart.TriggerLogicEvent.utility.encode.json.core.Reason.Browser....Browser..Reason.........H-.......B.......X...6...9.......9...'...B...K...'.......&...6...9...9.......9...+.......)...B.......6...9...9.......9...+...........B...'.......&.......X...6...9...9.......9...+.......)...B...X...6...9...9

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):379
                                                                                                                                                                          Entropy (8bit):7.24199845007647
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPW/E8kQoywGZy2QuloYCnWnXmYFOwrMFOfzs9fOPrmi/MsTjWnDU4p:6v/7uMpQoji+YCnWn2lwAAfz/jmiU8SP
                                                                                                                                                                          MD5:0D006D29C298D5D75780C5514DFD7E02
                                                                                                                                                                          SHA1:47231ADF89D53E452EEBA1A7A4F6F51697B93C4D
                                                                                                                                                                          SHA-256:CC72D82ECF19CB08D92F5EA6A612A12FD54B86D8E6AD1019D3516CAC0E90353A
                                                                                                                                                                          SHA-512:B35A08D6FB781DFEEAE99CA78F70C85517DCEC702E59A920967AD146C38B06442C95FDE021EEBB47901CA9D8B4B3DE3E2192DCA910C68497D5D4F5E721B5F35A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............V.W....gAMA......a....2IDAT8....N.A..GLL.....U.....Di.....k.m.S.<..`.&.....M.u.c.......~.........N....\.x....|.....z.X.......)(..?vDzF...q.h.B..r..S.....j.=.`@8.A....F...g...._ .E..*!.Z...aV.IL...z...?. r...q..j-..0{r3Y..M...m.)....Z..^....$|..... n&.....RB.1...v..~.#..t....4..k...E.........~M...S..>.S..&6t..oB.Y......C.Q....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):366
                                                                                                                                                                          Entropy (8bit):7.181473502943194
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPUyCfW1DINGm00Q6GhmVMWW5tDGMYmw3H0zPsXFdCkhY1+8EtWmTp:6v/7yfW1i700sMVI5tDGMX0VdCWY9EZ9
                                                                                                                                                                          MD5:808F5E9FF7B694D5926CE6CFFA336085
                                                                                                                                                                          SHA1:58C5D8F14FEA91E715F8B3CB9B84421FBE99317A
                                                                                                                                                                          SHA-256:5331E5CCC4E6F8082F7AAC9492FC3DF5CB810087E6F0CB71D99B1582E233A61D
                                                                                                                                                                          SHA-512:E2DC4A40D8BD68D7DD31A002F480F3D0C5ED7433D0CB6F966EA11D437FD38A2B12C3F9CFC057DA9118E05BA5E81C1BC0896C5844D78F256084AC81554FC89A82
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................gAMA......a....%IDAT8...AN.0.E..`i....+.-.....(..E9GO.[..._e....P!.....x<v.4...m.<v,c._...?.....*.p..p.7...d..-T.....B..p.G...m=a..Y3.qm.B..m.WWq.p.Q.C..^.w......&bd....^G..W...TMM.....R...~])...]$.#.jA.Qq..<o.....*..-.M.-.j.k.8..>..b.....w.-.Q..|(.&~..M..Y.>..=.:..Y..n.....S.&....)s.c.T...v0.%..!.Y...J%....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):617
                                                                                                                                                                          Entropy (8bit):7.536368903712138
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7y8A6KCbdR+rqKuKRLIRBG9EtiJjt+KxqMK:R6JrXe+BGkiJ4z
                                                                                                                                                                          MD5:112768C9A06EA1AC8783E7EB786450C3
                                                                                                                                                                          SHA1:15312DD4FD8F87FD23725531726261CFD73888C9
                                                                                                                                                                          SHA-256:3AA7CF0C447D88B8CE2C2FC0B50E80E49851217D0CB3BB7D4E38FC22209DEE03
                                                                                                                                                                          SHA-512:87E13AA38498C7E76EA9B017A893CCEF4819FBC13EB387C8A4946C721EAB176A44A5F3B181FD23AC2D16943D12B452EB8462FE7A57F6572EB047F3876BD2CFEE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.....................gAMA......a.... IDAT8..S1k.Q...K.H...p...TV...../'v...6V.U..PP.;q...H%.&V6...!.i...;~.[&..q.,taw.....f.........z.G....j.Z..Gg.dg..F.l.I.oX..H2.t.\T+...A+....vD.\...6X.....\.R.-.v.{..>....|jb....@7C..Q l.]....A.47.....O.X........$C......p.*_.d&.......M..?m.!.,.C.a......../.8...@n8gw.....@7..1.X.p=......._67.V...a.)...V&....a..R^.b..eN.Q.>?.j#4..A......_C+...A..H?....,o:.>........g...[._...d=\..^:.~.?......A?.cN.,...B.q..M..h.7.I.pT.T.4[.o.o..*.\..m".. ....6.0jk1..../..o....J>..6...C.6l.q.)1..N...s.....^..Y6.p..7......,.....:...C..y....IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1523
                                                                                                                                                                          Entropy (8bit):7.849513030462221
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:4V7JCN3mFRJOJsHKyzBNqS+s6snN326HGGeV6CouULfX7GBo6Bqy4XoRE8ndBAQe:507Zzas6s9lH06EUSBnBqy3dBAPl3
                                                                                                                                                                          MD5:0A57D1C2AF64AE52DF0CC5AE10897E72
                                                                                                                                                                          SHA1:923C6AEEA726F5BDAE43F4837C7FFFFE34E90B90
                                                                                                                                                                          SHA-256:541865D3715C481C1C111ADF0729928E0F6DE4A6B8E1687BB2DA2D26166E8C57
                                                                                                                                                                          SHA-512:2466E5EC410C6A9484A792B5F431FE3A527A04C01127CF11DFA6AB2ED49860FA052DC84C8AB61441359E03E2DF62341CD7E05F3CD94612AABE1E37564521CD38
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X[lTU....;.N...R(}D.-..CA.1.T[.`L4..5~k...*.|..~.eI0..DA..H../..6..VZ.J....:}..{.......bO.....Z..}.>C.P....F@..Zi:z.X..v.!.-.*'.*d..=.%i...m.d.}.d_].E'..}.J..t....c.......7M.T-.$vF.. ....U.....M..2..}..$.P}.....:....[9|..KBx>7.=l2..<ZS.O..fQ0.M'..iht..........".zV...xB....-.8..P&.....s.B.8..+..ris.......s~.M.......{.<^.M....a%a.<...5.}*......y.|.g.OW.QmU..qu...E....$T....."...e9. >j:.*';.=...7>YJ..+\.NU..z....x...k.dB...!'.]....P.......$.....A.[...i...[....M.|#......K~.|...H.;.@ei!m.. .gd......QLz..S.../..'....^mr.......(..|.`.sf!7...E...M....x<C.t2..:e.n^.D...SiqA&.......a...?.i.....D....}.q#....p...I...nl\...|j..s.s.w").a..Wm...$x.A......8.)......_.i..a...q..$!gb...U$.%...o..X.O....D./.....4.[X..yG]../..:..d.%....................-.g>_....h.$.%b...l.....|7\..>.j....[_6'aSs.:n.'...l.|.z.k..h....yu...TU.r;Yv;.F.b.38b..s..$...L.5.....r.9....)+.C....K......'g(.....P....,#..C..F..!

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1568
                                                                                                                                                                          Entropy (8bit):7.855339992904692
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:URY+DGIp5LXcjQxWPQjWqIiU27j2NbCYv0WGYKmUjDeQuksU:Z+DfdXqQihAv/WGYBFQuksU
                                                                                                                                                                          MD5:1CCDA19F6B165F0487EBB6C65E870492
                                                                                                                                                                          SHA1:3CB6473AE58648F9E6365DDD44EB6A24529DD55B
                                                                                                                                                                          SHA-256:8A3C7A2285AF72210C4CEDEB87701596B05C96A435E200A1BC3F0FE1947DB566
                                                                                                                                                                          SHA-512:D681758B205597B043FFF6F8BE779B5D05E37708FBCC9C08C88DA963B2B4681C33BB3E3B5912E8DF0CAB819A89D520BF1D21DE1C7B7499B5738AB0D557329C57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X]l.U.~.um.....l..!.i"..8...J.@....+.....41A\.K.B....;.:T.1(.B......(l.u.l.m]...k}.....n.vr.....<.{.s.{..[.(..........w#.z.....F..)8...T.pL"V.e....g]...C<.....K..eq...0.o..S.g..T.E\.I.3%.....Mh1i.3...O......fG..Ez.J.....g.t.6...O.H..J.W...;..P........?...,.......H.......$..V$W....B7Sn}..e-.'i..=.....k....3::.....8.p%...6.g)1OT,.L..W.84.....u...7v....!$E.-....j%L....C.T.....&.-~N.b.wZk.y.......:3.W....s...w...1....a."..Z...n..1!........J&/x...b@.=..}.U..rTF.a.....N...A761?q=..~ZID./..Q8.s8....U.m%......3.x....D....2.7V..C.....}..Mj..y....\e..`1.`...Y..i.*I6....o....5..?.kzz.dN.*.......9.........8,o.%...5T..o..cH...j,o...5.Bz.;......<....x.x.._nq...<.{V..o!..!.....S....tx.\.U............u$j.>.....4.....H....F.,..b.Z...R]2}WP.,1L...m.........W.....R)..a..Nl%..s&....9S....F..:q.`..1....b......j%..S..<v\J..]..5z>?=65.Qf)....hd..rx..QtS...pR....r>..G.J.Qj..]Yn........L......L<*..T..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\toast_impact_close.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):245
                                                                                                                                                                          Entropy (8bit):6.356933018581735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPe/6TsR/h2Ogt2PfVuymklNXULhg+/qp:6v/7m/6Ts/NutyJlNn
                                                                                                                                                                          MD5:BE47EB430418C03DF89E2CA140BC1325
                                                                                                                                                                          SHA1:A099F0ED4114F8476D6558BAA30E3DDFDF0512C7
                                                                                                                                                                          SHA-256:F651001BDF0AD41D9BFB7D5942F136CE75ECCEF744752EE72934980B8ECFFA4F
                                                                                                                                                                          SHA-512:AD150D115D35F1F796BB0E24C61FFAF72401FE2857A0A4475A2CB7E36325A5130CAAC1F167628E26C7AB6D053B7A3757D57EA3A07C71FC14FC848CFD2771232E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx..S...0...$..F....J&.i..X.b...w.|.pXJi*.N.|..-.."s.Y.`...MX...._.6.mU..aD.0FY*.T.O.....@C.o....&A...Y..C.Z..G...D..5:....9...s..............IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):473
                                                                                                                                                                          Entropy (8bit):7.236375221337779
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/74/6Ts/fWEpw+mmdlVkAV7AnpSvLkXfwtelX8EFQgdPjSTFN:x/6MWNmXVfV7opSYp8eZPev
                                                                                                                                                                          MD5:640A9A68216D3ACE0A04C70F745760F9
                                                                                                                                                                          SHA1:DEF457CF4CC59B638CB4C988652925CBBD7A972D
                                                                                                                                                                          SHA-256:40171CFFE5FB5BBFDA44569BBF7BBCB3848ECEF6A975CCC237F475B3141CCF4D
                                                                                                                                                                          SHA-512:A1CFC930207C1F468D423F072CB80CE6D6BC2FE6E8ED54A8A21386445882E9A922BE55AE627330E7810EA3BEF6108F06B4A2E0A3E62EDC659E1992046FD9D8C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....nIDATx..J.P....&........8...... .=|.}...y.....A.X.5.N.P.&1.{.X...B&...$7....O.c.,x..D1x.@q..P0..a...:.Zb..%.........%y..Gp.X.9...ze.$p.UQ]..~u*Nt6,....3YX..F...2.....O6..]...]+#r...`[TzyP......c......Py.... ..j).......5uD.c*......?..1.;..3.x..P.gA..3..=.M...ns3...C.U.L....VO(.............tq....WJh-.o....0..y..0..-u%.+.g......Z@..V...-...P..{....I........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3856
                                                                                                                                                                          Entropy (8bit):5.632480978270416
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:lV4Ubfff6DbxWUY8vIZOETrptTDWlL07vk/jn621GDmrQ+2L+CMqKZc9Ppqo7Kl+:lVvGHx5uXl00jS5V2KCM49cyp/Zuxo+E
                                                                                                                                                                          MD5:CDB3D65FBD77FC0A7DEFB85A9598D925
                                                                                                                                                                          SHA1:126FA51C81FB59B48B7CE3DE9680440431188010
                                                                                                                                                                          SHA-256:0EC2D313D7F01C708C0F7AE628BDDB4AF0745C15C22A38B45BE85653A351B6AF
                                                                                                                                                                          SHA-512:4226C28E3B5661916CE401F5804E1FE76E7820B0A5A79115208E433C7763DAA0C536634E37A86251C6022F2D03EA367251B33B4D6224C4274CA9E8038E3505C2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..X...........X.......X.......X.......X...+...X...+...L...+...L....new_tab.browser_launch..........D6.......9...B.......X...6...9.......9...'...B...+...L.......X.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...'...)...B...6...9...9.......9...+...'...)...B.......X...6...9.......9...'.......'.......'...&...B...+...L...6...9.......9...'...B...+.......J...Hupsell_toast_handler campaign one: show campaign one - take_a_stand., do not show campaign* equal or greater than xml threshold 9upsell_toast_handler campaign one: client threshold .threshold_take_a_stand.tracker_take_a_stand.GetOption.SettingsDB.utilsdupsell_toast_handler campaign one: Only browser launch and new tab are allowed for campaign one.new_tab.browser_launch>upsell_toast_handler campaign one: User has WSS installed.info.log.core.is_suite_installed.utility......&...9.......X...6...9.......9...'...9...&...B...+...L...6...9...9.......9...+...'...)...B.......X.......X...6...9.......9...'...B...+...4...J...-...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 150 x 314, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):42124
                                                                                                                                                                          Entropy (8bit):7.989049214597359
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:LJZubuFGvQ0hVNPAb14MPMrY0iJyMXbAjw15AIJgW/8QjzastNBmwQ:LJsbu0vQ0hje14M6iJy+sE15AegW/8c+
                                                                                                                                                                          MD5:6F1B48189D2C835EC68CC9C30BA53360
                                                                                                                                                                          SHA1:93D78939DA261C4D7CC06E8B8341D9B3D93CEEB3
                                                                                                                                                                          SHA-256:29ACC284AD48147B1B5FC3F6F8E79F8D7481002E12B7D0B631DF91D9D22E5749
                                                                                                                                                                          SHA-512:D47ADF288217FFC8AE2F6D9DE1A2FF5E240355EEF3E31F3B204C16A226ED7470D60021E23F155883A9F77275FD1712994565B58392694CEBDC4E28BE7F3AD1E3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......:.............pHYs.................sRGB.........gAMA......a....!IDATx....e.U...}.My.%.F..b.fK.%..........H..@../$|.../...~.. 6.d06`.{U..{.......Y..g.....7..aKo....*......7?@.B)....|...w......}..X..Q......Ju{.k#x......sm...G.@...R...)./m().Q..mwM..'............w....z}.;Sk[Oj\;G........A+....X....g.U..}g%.?..z..U"..A....t.....F....i.4e..X...4..L..LZ.b.. _/J."..6.~.QJ.8EuB.."A~.....j......%VU.sF.i..;....m....|@3.vJT.6...R.S.[.I.m.....=..D.6?...h...]...^^.........X..[.Z.0..BT!<a....TQ.xr...2K.......D. ...m...).xf..<.D.#.J.K......qY.;f.h.U..yfZZ..J.p=...R@3.E/..8..U.:t..W}.4.g=-....4.G7'g.:.\....5J&\4..Ip.....Pk7.........l..f).*.G..yh.D...?~p.0..k5_0.UT..E.L\T.8q..\.>..Y.r...o.B..k.n...jV{....!...YH{U..Y't...b5.A...5..........9zZD$T../.F..Kue.....z......un.h..G..J.!$ru..2......0..n=........U.0.....Qu_.....M..7.@.4.v..3bQ..Q5..zB.}..0....^.L...V.!,.*...D.^.3..._j.....t.(PC6.... ..c.......M.P....H..A.x...........J.#

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1957
                                                                                                                                                                          Entropy (8bit):5.208734343017381
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xmp5UoZHx4Yli5FZSFIuMDWlYOlZiIpd3Rp:xANxhi5FUAWlYOl5Tn
                                                                                                                                                                          MD5:BD38056590D01D49F997A7120F05D65F
                                                                                                                                                                          SHA1:9796FA5A40B605914A1510C26304A94680437A37
                                                                                                                                                                          SHA-256:CBC3F26DA52AC8BDD100B02282CD60CD108476819F69E456C1D510F092002182
                                                                                                                                                                          SHA-512:03B3F3DB4358D52070D71A3DAC957E75F105589592F6F77A6B14E3B2D15B9F7E4A731674DF375E0B8004F97DECF78FA3ECB86A23DD9CADC35FC53CAB8E1C55CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 16px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. .. width: 510px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;..}.....balloon-I {.. height: 314px;..}.....balloon-II {.. height: 370px;..}.....balloon__card {.. background-color: #FFF;.. /* height: 314px; */..}.....balloon__card-I {.. height: 314px;..}.....balloon__card-II {.. height: 370px;..}.....card__content {.. height: 100%;.. padding: 16px 20px 24px 24px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;.. padding-left: 24px;..}.....content__text > p:last-of-type {.. padding-top: 18px;..}.....content__text > h1 {.. font-weight: bold;.. font-size: 24px;.. line-height:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1974
                                                                                                                                                                          Entropy (8bit):5.292418064990269
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:LswDjYyAGNVMr7OVMr7EVMr7VMr/VMrlygVMCrAedmI4O7P7K87DO6IrIw2/qIPL:oOjEJneCWCFf7P7d7DtIrINqIdmfMGC
                                                                                                                                                                          MD5:AFC5C4BF6EE9B890F666CA81E9ADB918
                                                                                                                                                                          SHA1:6C7414CAAAF0F60D30580A05146DE6D06E3178CC
                                                                                                                                                                          SHA-256:A45E80D4E3A6C9A53C29D81A57BEDD939818FEA90036F2744D32FCC8D08579DC
                                                                                                                                                                          SHA-512:0DF1A142F1C562B05966E7C55DDCD2369E9D41ADF4BBFBAB2E8FC8FE14883A57F7ECB5FE5BA1A55A19C2292253B708304587F4775FD13040369D0D13055DC5F8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.js"></script>..</head>....<body oncontextmenu="return fa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5813
                                                                                                                                                                          Entropy (8bit):4.8566147736196745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:4G3AXPfTEzni3R4uISETACySbd0SE13z8acglmVnIJ+BHBbXks:4oAmMR4FfCSERz8k5IbXR
                                                                                                                                                                          MD5:6FE7A5BBDB292E21CCF9987C837EB52B
                                                                                                                                                                          SHA1:E8B630BD2D5AF019B5CF393AAF6B2AB3A2670F43
                                                                                                                                                                          SHA-256:C7D5BEB5E6121270CBA1CFEEFF4D25778419BB405E2760A9E1D8367B0083D39E
                                                                                                                                                                          SHA-512:4C1A1FC16FF51B6FCADE285DC57C897AD2B86CDCD9B877AFD04999CA5753068999BFF81F7EA3D078E0C83A388A102C69D80FF9E90F2744C9CCD58D37C88826E5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Amazon Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. contentText2: $("#content__text-description_2"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. footerLegal: $("#footer__legal"),.. };.... (show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("toast_data"));.. init(payload);.... _window.show();.. });.. }),.. (init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.UT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1484
                                                                                                                                                                          Entropy (8bit):5.247167898152739
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UoZR3xQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUM3QiisA:xmp5UoZJxDHF3uBjFloZKY+YfnHcQe3o
                                                                                                                                                                          MD5:CFD0651F1C8146B4DECF69C514221FA6
                                                                                                                                                                          SHA1:CF49EFF69D1D676702ED360736DB884275EA7421
                                                                                                                                                                          SHA-256:0D20CFABE63FB1ADFB88B7AF39846FEB46E38E92423D58113DD455398D26D0EF
                                                                                                                                                                          SHA-512:2B6BE8A9F26649EA32F15966B8DCBC60D7BDFC1844E90688DDA76CEDF72E00B85BB1E8BA0FD02A579E44F396D6DEC4A9FA4BF1F3C8EAD734525F6A6DC31BC98C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1849
                                                                                                                                                                          Entropy (8bit):5.246021501122015
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+swDjYARGNVMr7xnVMr7EVMr7VMr/VMrlmVMCqAedml3+u4wXRM0cPh/m5:NOjXxuneCnCa63+Wxct0
                                                                                                                                                                          MD5:BA6E3307F6474161D905B49A808E1643
                                                                                                                                                                          SHA1:02985C4B755D0F9E50D904726654F262C96D87F3
                                                                                                                                                                          SHA-256:8CFEEF41B4ACE006C12AB7B6564FBA1EDBA6ADCB5A22021DD2A0FA9D2AEFAFAD
                                                                                                                                                                          SHA-512:3A15A75D308698934842F94F1B3D58B133004262EF6BAA147AAC1D225DA9360324E001D91100B1BA11626828C400BD9FCF026774FD233EBB3CCA2F5BA6B0EE2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.js"></script>..</head>..<body oncontextmenu="r

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3042
                                                                                                                                                                          Entropy (8bit):5.134325068794321
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:h4D7pOAoHHxRUoV9PhPkD4OEbN4d0Bk/5LiMCH2qJoNugUoV9PhPkOOJOMaOfNXR:cMAo1V9PqREed0kMTJo5V9PKgMaGXlQO
                                                                                                                                                                          MD5:A6978A2257A0405108B5FA83999FBEB9
                                                                                                                                                                          SHA1:F3E4061D40C0662445F0D1BA05088090D81201AF
                                                                                                                                                                          SHA-256:8C0D004BDB852052AC370CE5F8704FE6868FF88469DF7ECC1004E88DCFDFFA7E
                                                                                                                                                                          SHA-512:1C595B5AC92E7C621404318E172CC43DCEF1C04CFBAAA0D6D4D35E06D19049FEF4781BA1D9D020EB63BA152B14CED5005F91CD9B7DE4EE669C6DD7BE3BA48C34
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. },.... show = function () {.. init();.... _window.show();.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browser_code == 'FF' ? '300.1.2.1-windows-onboarding-firefox-webpage' : '300.1.1.1-windows-onboarding-introduction-coachmark';.... var analyticsEvent = {.. _event_name: "wa_onboarding_balloon_impression",.. hit_label_8: screen_flow,.. hit_label_18: "Onboarding",.. hit_label_19: "Impression",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 20 x 20, 8-bit colormap, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):743
                                                                                                                                                                          Entropy (8bit):6.485906014360001
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7MRUwaBLht3zHOuVKg7/6Tnpb+R2pi5IDyc1RX25gbhbzS5/IEMS:kwaZht3zuKKC/6jptpAIeEoglbzegEMS
                                                                                                                                                                          MD5:1ED7DBC29E984E621DB85633607A39EA
                                                                                                                                                                          SHA1:77CF88D52CB9A32A8EE377E37DC2CA70EBC79143
                                                                                                                                                                          SHA-256:C364887E094D6235A4FD5774D7CB5D9631A2983C8626998BAD8CA294BC446A19
                                                                                                                                                                          SHA-512:57CB41F770F5586041F9FCD9E934FEF894301AE8DDF8EFC498E2743FAD006D5C0D4AEF7D2A2086A9D3E60FC08B02AD2505D02E95B039786555522015EC9C41FB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............W.?....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE............................................................................................................................tt....WW.ZZ....[[................................r....%tRNS....#BSR$.7}....~9.k.....l.y....z.....>....bKGD...-.....pHYs.................tIME......*..uk....IDAT..e...0.D%....;f.@ ......,`.r.]..J*.Z....jl.3..D...M..q.....(b.."I.6MD..=E...e;..{.<*..X."..$..}..r.el....-..z%..(.^#.f..H...07Up.S0u...a.8.r&#<.N......r9..H}..R4...R...]Y.).3...S.....U..TW..+.z.).3...(.....s..m.....5..3m8....&1@.....%tEXtdate:create.2022-02-18T19:30:12+00:00z.a....%tEXtdate:modify.2022-02-18T19:30:12+00:00........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                          Entropy (8bit):6.92410222781354
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPW/ETnWvTVFX9ls1mDf0J7KzAvC7gnh+i25wp9M+S+N0XXnTp:6v/7uMTWrVFtW1mQJe7ib2uPSjX9
                                                                                                                                                                          MD5:527825CC6A463D4D1A8E7019B4773D02
                                                                                                                                                                          SHA1:C58CE479BCED1BA8B47339D6A9867E3D75A96672
                                                                                                                                                                          SHA-256:87A2C49BEFA3F59750E91A1FCE86FB9AC9BA928A04D4ABE1A7BDFFB25883EC2C
                                                                                                                                                                          SHA-512:38DFD2D59C8D8A9195BC9D45E45A71FAAA69AB3E7C4777F3A448C31A95D44AA3E97303EF3FABAF13B3BD4F7DA1BCC6269B8A6A668EC758E28EBADCE2F949D0DB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............V.W....gAMA......a.....IDAT8.....@.E.I@....V.AK..K..[.`..zQ<X...EP..&.a3D../..cg...a...o..v.38@.s.|4.....`.;....a.G....k.m".....w........&...`.{..C.2q]jx...l<)OC%4.....'../H.+!y..S].,A..J..stM.^.M[.....2....^...T.(J..7.?.....t.QL..r.........IEND.B`.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2224
                                                                                                                                                                          Entropy (8bit):4.9541246398353875
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csYzTlGNVMz7tVMz7EVMz7VMz/VMz8AVMzjVMzlpeVPhFj/TP3G+PxCQOR1F3Imq:3OTFMv26ITWWhF/ehQORD36pz
                                                                                                                                                                          MD5:BABAD8554691BE8A63D9B4709EEB5934
                                                                                                                                                                          SHA1:E74D107B5544B3CEBB75ED60C74B45B62EEAE9A9
                                                                                                                                                                          SHA-256:10F4F0324BD1A6B0C42724221E9C1E6C0AC6AEF4FE98B2EA3E527E40E3F7CDA9
                                                                                                                                                                          SHA-512:BA1420797B4BCB0CFE924D3EBCABFAD9D1ABCF69C5A952B046F0760770924C8FDD7240DAA255189D66D57CF64268021024A1F465787C683956D544FE26D456D5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="w

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (339), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20241
                                                                                                                                                                          Entropy (8bit):4.031550033483697
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:cD3PO1JLKGbm4Ny+e8yfR/ZfiuLeeY0WR9dZGei:Y3PO1JLxbm4NyljziuLa0wZGL
                                                                                                                                                                          MD5:07E07A1EB472F8BB5AD0F36E99DC5969
                                                                                                                                                                          SHA1:1A71EA9434F307F8EDAF16EB2F21FA6FF55FA983
                                                                                                                                                                          SHA-256:4BDC420C4529841499DEA7FA4DD005E8A14721657F8AE9E4AD15124AB145429A
                                                                                                                                                                          SHA-512:CF52673B370443D94D0182C70F38A8753D1600E2779072FFE020CEDEF57D791FF89A0B2A1AC715748EAEE89790969233B075E5F81418D664C62D33A57403DAE5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "wacore:mfw\\packages\\builtin\\white_timer.png",.. alertImage = "wacore:mfw\\packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):802
                                                                                                                                                                          Entropy (8bit):5.277894961878517
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UoZR3C3dDUUhiLKyFc43bZt7nMP3a9:xmp5UoZJkxQ3SK7nMU
                                                                                                                                                                          MD5:A631FB3B67B4579F57702E1E13F796C4
                                                                                                                                                                          SHA1:94E7B8C6F46249BD91687E29B134CCD8DB951B7E
                                                                                                                                                                          SHA-256:B364801B56A9CCB6E67A967B0809BBA7BD7EA8DDD398338C22E6121954EE3182
                                                                                                                                                                          SHA-512:DFA586FC418C281274E5A7C8C9B86A1F37822A9AAA9BF3A082D952E031410A733E9FD0F634BF8A56FD89164DE8C352872A49F1B22691260855C2D9D58BA79209
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//7900B9930125B2E2FE55905E988F41A21C75AA3DC20FBF9659E6E92E4E2E3E8AA1C54BBF39F105CA386D6DD5B2F89B2E8887DB94D2C7FAA569F1CE1A3F2DD653++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1786
                                                                                                                                                                          Entropy (8bit):5.2644080547860606
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+swDjYI2GNVMr7RHVMr7EVMr7VMr/VMrlTMNVMCrnr8ymTQogY+ORMqnPPQ:NOjPOROneCZNCzsTQ++yU
                                                                                                                                                                          MD5:6254108E6A4AA9806F2756FEC26D005B
                                                                                                                                                                          SHA1:58D6D47AC90C766415FE60D30178D2230C0D5B17
                                                                                                                                                                          SHA-256:A30B4FEC24176222C7D411E5D4A0379701F7090FB87ADDC6521F80D396655FBF
                                                                                                                                                                          SHA-512:9BC9AF5E7009FA776A0897B3E2689A2BA3B8D7684437ABEA67EBE585DE8C7070109E7D9DE3F0E51709516A2D89F09C176E28C5A6A320F041CE1645D73D8ADAF6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-dialog-balloon-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dialog-balloon.js"></script>..</head>....<body oncontextmenu=

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1653
                                                                                                                                                                          Entropy (8bit):4.929425962777782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:3JYmsL0yXFeRZ7kkbslksjsjjGbb+CDBXRDDNEVRK1tzZtg77OgKqDRjnnTMUHu3:9ByXIcrH4fGbaYTEV6tk77Og9TTu3
                                                                                                                                                                          MD5:EF8EE9D11F99FC1787822E5B2A8FDBE1
                                                                                                                                                                          SHA1:D6096EF088D6DE16307D0C9ECDA6F8DBB04980D7
                                                                                                                                                                          SHA-256:FA0785854808DFC38B1F18B740D97A4D49A33C3DD8F8551E33158BFEAED6C515
                                                                                                                                                                          SHA-512:300A37ADB535FC034E7F222804689E06050DECC082CCBF95198221609E455FC84F8459DE9575C1C55987758F4CE2D24755D77254FE0E922785E36CE333015EAB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:#wa-dw-toast {.. height: 245px;.. width: 425px;.. border: 1px solid #B1BABF;.. background-color: #FFFFFF;..}.....header {.. height: 20px;.. padding-top: 12px;..}.....content {.. border-bottom: 1px solid #E6E7E8;.. height: 132px;.. padding: 12px;..}.... .content img {.. margin-right: 8px;.. }.....content-header {.. margin: 0;.. color: #EA1B24;.. font-size: 14px;.. font-weight: 600;.. line-height: 33px;.. text-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.25);..}.....content-text {.. min-height: 32px;.. width: 99%;.. color: #53565A;.. font-size: 12px;.. line-height: 16px;.. margin-top: 8px;..}.....content-footer {.. color: #53565A;.. font-size: 12px;.. font-weight: bold;.. line-height: 16px;..}.....content .body {.. float: right;.. padding: 0 0 0 0px;.. width: 99%;..}.....footer {.. display: table;.. background-color: #F5F6FA;.. height: 56px;.. width: 425px;.. padding: 0;..}.....logo {..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1693
                                                                                                                                                                          Entropy (8bit):5.123238382138251
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:V2sY0TYttGNVMz7tVMz7EVMz7VMz/VMzlGVMCqEjIYcdzV:3XT0tMv267CjjKdzV
                                                                                                                                                                          MD5:06808795BDCE5F2B3101F594A66CF92D
                                                                                                                                                                          SHA1:F29FB92B8BF454ACB3DF58A2CC572245B7AAFDC3
                                                                                                                                                                          SHA-256:0CDA42FB307B25CC6D9EA80D7AE1D046F9A6A89160E110E249E0A01D38D15DA0
                                                                                                                                                                          SHA-512:A94F404AFD5A9DC345391B9DEE0AE3E4AA8F188C5375434CC10284E3BA82DC4E1DC5621D4D132C2447824D0C720F89E1364C281A2234AB186F1F0270576399EF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body oncontext

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2137
                                                                                                                                                                          Entropy (8bit):4.907956363205003
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UUzf2hkRg/q4HWcJ5/VFeICFeI75jYKubJsbnbIeIpqeUr:Uh2gy4HWw5/jC75jYbJUba83r
                                                                                                                                                                          MD5:AFA7D01D32A223434ACFC7879ECB9080
                                                                                                                                                                          SHA1:34B1B321B7F4E4582E7F8F782921EFA077D7C3D2
                                                                                                                                                                          SHA-256:72CEA2AEF37DF1307A5888206BA4D1CC16502E7CE62040653A8410DA7BAB748E
                                                                                                                                                                          SHA-512:C0D9EA8DCD8C9680030B6ED87BA63D784A2869CBF02FC7DEE91CDB1D046A3D5F269287ACA1D248F40B7D9F42F12CA3EC507FC5A3F332FD810441C4A2F5D10288
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;.. }.. .. h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;.. color: #383434;.. }.. .. p {.. font-size: 13px;.. line-height: 16px;.. color: #454545;.. }.. .. .main {.. text-align: center;.. background-color: #ffffff;.. height: 210px;.. }.. .. .main-logo-container {.. display: inline-block;.. }.. .. .main-logo-container .img-wrapper img {.. max-width: 105px;.. padding-top: 32px;.. }.. .. .main-divider {.. display: inline-block;.. margin: 7px;.. }.. .. .main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2505
                                                                                                                                                                          Entropy (8bit):5.088559098371566
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:V2sY0TYaGNVMz70VMz7EVMz7VMz/VMzl+VMCqX+Q7hc8A5TTD14KtYJCKWbeIwkF:3XTL/v26TChnR+5WbeIwEeIYOzCUOm
                                                                                                                                                                          MD5:A0CCF1DBFCF4AF5171FE1F20984AC5C3
                                                                                                                                                                          SHA1:607C8BCB3A7237B3754B0DD7CAD192463C82F3BA
                                                                                                                                                                          SHA-256:6D9D64996071A2C2AB6A6A69B02E46B98AB87DB145B45B786FDB52066671C5A6
                                                                                                                                                                          SHA-512:6B8451AC352CDEC8F0E0B6250ED8E0F2CD7192691DD6D8E399BE8E3D3CA34ECAFB0A295F27C6BE58DE40F9687FCAB8C3CE6BC83027FE9DF1DA293C08710C8C5F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ext-install-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.js"></script>.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3583
                                                                                                                                                                          Entropy (8bit):5.331474129475065
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:nPT2likPJkhmmVkH0zf6lui5TF+Ezkb00t+lkz0tRZ21:SMLhmmVXzf6gahLzz/lvtG
                                                                                                                                                                          MD5:F2F95A23D0BCA2FABC7FD472179C2026
                                                                                                                                                                          SHA1:601BDF930BAA7EFA33D401741FAF37C7261F7FED
                                                                                                                                                                          SHA-256:8A1123F61B3E83C294ADE344726A676C384F218D56A96FCC95538099D12B2423
                                                                                                                                                                          SHA-512:11E710F81C0C9D2B514519C390437F02753718C93705C62D0E3F4F01257606A2F347F7797943C285DCBE2F737FCC091A873C779BBFE0CE7CA90ED99592C37635
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,... _instrument = wa.Utils.Instrument,... _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.. var $el = {.... header: $("#wa-sstoast-heading"),.... description1: $("#description-1"),.... description2: $("#description-2"),.....acceptBtn: $("#button-accept"),.....ignoreBtn: $("#button-cancel").. },.... show = function () {......_window.ready(function () {..............// Set toast window size......setSize({width: "485", height: "265"});..........// Get settings data.....var toastCountSetting = "ff_extension_toast_count";.....var toastCount = _settings.get(toastCountSetting, "0") || 1;............var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.. .....// Initialize toast......init(lang, toastCount);.... _window.show();.......// Send telemetry for toast impression................var analyticsEvent = {.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 126 x 104, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5630
                                                                                                                                                                          Entropy (8bit):7.947897963110471
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:QSToxeyGItzC74o5BBiMAxI0Roty8QTzTuWjP4IMqQidjQFl1JuKOrzmdc4z+S3:QScxeyDtMzPBiMAxZtqIXQ6QhJZyS3
                                                                                                                                                                          MD5:F5D9337BD302C183FFE6B9613EA4E236
                                                                                                                                                                          SHA1:6C622ECF659AE65E7F6ABFED4FA831D230B51A02
                                                                                                                                                                          SHA-256:DDC6EC93BB8B7AE8C90D42476ACCC47CB7E9EE28B01A312346462AD54206151C
                                                                                                                                                                          SHA-512:40270893584E34AD27B7E89DE9466D08464A4A869D96D5CA414FADF7332BD02B7AD1F28725FA82D7EF8AF4A0973494CC8633A202F58F0A2E60933CF482591BF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...~...h.....7.D.....pHYs.................sRGB.........gAMA......a.....IDATx...xT...G2..$<B...6.@?E...#.~U..b..Z.j......E........\...,.......A.V...A Iy.H2.y$s..g.'3.sf..$.{~.w..}.L....Zk..(A.....Q.&...`Q.n.@...j..Wz..2.I*.....f...q. .%..[..x.:B...:.....F.a.,\....O...>.t:....`.Ut...Y..34.O'q.%<..b...B.I...q.%3.n....k..#..=F.J.5.9...;o.R.^...D.N_...9...i?..~A....k.%..l.kiU.\@....`...M.`.....9.L.n.%....t...9..;YK......aT......4-......yq.D.8...>1..."...v#.....]t..i$S..$..H.C)$...i-n.Q(5];S,.Utc......6.....4.WOr..%...-D6v.\.m.m.....r......@..6..1..fQ.......`z.e...J....I...At...0.;..B......?...,...0..8.. ...n...Y..o*....r.6.b.......V...M.....v.J.d.K..y.Hq.|....~...e.=_....x.t...x.x.z.i.%4..~.k>.n..$.&..^.S4s.c...!r...].3..}9M..Mz......u..\..6....=3N.=.#.N...SQ..i\...I.<M.~AdP...G.o....A=.}.L...N.R....N..[nQ<o.8..V.&...,......MMt..a...r.[^..F'9.Ix..t..N'.q.....N8.!.8..%...t...Q=..U[+..Lcs3..j...:r.\I.'S..."9....:Q...YR.WP5[<.w.A.m.0

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6632
                                                                                                                                                                          Entropy (8bit):4.863979137870073
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:yH5SvRvxVoY2bZ8/C0jBkY52Q5YsYmgdFZR9FNGA:yH5EvxVD2bSq4BksV5BLgd3ZgA
                                                                                                                                                                          MD5:DB4B9B953E26355D626388BB9E3D0D4C
                                                                                                                                                                          SHA1:892EA969F63EF86DB81504EE485A4043D785585A
                                                                                                                                                                          SHA-256:71111AF2BA5C3A186577DA9A1B28A57A21B18E1CA1C4391E9FF943A851CC9A3D
                                                                                                                                                                          SHA-512:4F92FA9CDC6CE7E77EDFA6467BBF9BF8F2EF80E09A726748E0E6A3FB340B6FC1E0434EF58571A1B269D453063583F9B69E23713087AE03AADB359E0276752B99
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1426
                                                                                                                                                                          Entropy (8bit):5.271802199703987
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csY0TYJGNVMz7UAVMz7EVMz7VMz/VMzlQVMCmFgtHG9pQ3jc:3XT8sTv26ZCJtHwV
                                                                                                                                                                          MD5:7ACE7021513254597642A241CE4E4A89
                                                                                                                                                                          SHA1:96129C24FB0A1950DD597AD5D2A9513E86EDB8EA
                                                                                                                                                                          SHA-256:56A31554439DE4DE7EE6D7A9F335C19E2E3A2A4BC81CD76C14A84FB9162B7CF5
                                                                                                                                                                          SHA-512:EDDD30C61BD354D0E280D2BBC53CF2E44B9CBC3807BCDB533FC3E1E4DB165D76B7F9D1C2EBDD1A3CEE95794D3FAF4AEB60DBB4893C6823CD0D11AA81FC1BDB78
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-options-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-options.js"></script>..</head>..<body onselectstart="return fa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1594
                                                                                                                                                                          Entropy (8bit):5.200218132677803
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UoZR3xQpxsVecZa95p4H3rn39UDSyPVhilb39U0M3JtEN8vWZRVcoPu5xt2s:xmp5UoZJxRVXw9n0gA3uBHEN8vWZBct
                                                                                                                                                                          MD5:1B5E95B4DE976B1CD0ECB0198B8477DC
                                                                                                                                                                          SHA1:339303A95A250261D8D1BED2FD91118E34F0D3C5
                                                                                                                                                                          SHA-256:DF34889C77E490A35F28E1544FABA79E6DF5289A22E55D217EF2328EF0B666A4
                                                                                                                                                                          SHA-512:1F740C183D97BDAD3D808891C43C1F6071CE47BDD4A1ECA6D404958368265F2D0D5FF177E423BAE2E67DDC6229126F6223A6F593B0A922F050DE283AB7634002
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}..../* Arrow pointing up */.....balloon__arrow-up {.. display: none;.. position: relative;.. text-align: center;.. top: 8px;.. width: 440px;..}..../* Arrow pointing to the right */.....balloon__arrow-right {.. display: none;.. height: 130px;.. line-height: 130px;..}.....balloon__arrow-right img {.. display: inline-block;.. line-height: normal;.. vertical-align: middle;..}.....balloon__card {.. float: left;.. overflow: hidden;.. position: relative;.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. height: 130px;.. width: 100%;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. ma

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2055
                                                                                                                                                                          Entropy (8bit):5.214758180847983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+swDjYiRGNVMr7xnVMr7EVMr7VMr/VMrlwVMCrAe+xdmn56+u0INBeRMmRz0ZD:NOjPxuneCNCO06+PCBCBRwp
                                                                                                                                                                          MD5:1425654C854108A36AD043C1BC2BC640
                                                                                                                                                                          SHA1:5BCCEBED3A1C6D43212C34041C03E21B06F8CE47
                                                                                                                                                                          SHA-256:C97F364901BD668A99D6680B17B01A465FAB81C0F057B82A7835659B17B9E4D2
                                                                                                                                                                          SHA-512:39315DAA4685F5F590DAED72B895819C97BAFA213D3D068D0BBC9E06F6CD9A954436E6B6820E2A416FCCD5C199A4156EFE4E3568D419561FBE5955D9DFE49CF2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.js"></script>..</head>....<body oncontextmenu="return false" ons

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9485
                                                                                                                                                                          Entropy (8bit):5.218603054151627
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:2Ar/3qYFqFmMKuhiXdeRh3tEznLe7aAHKmXi:7SVIIh3t+4zri
                                                                                                                                                                          MD5:A07A8FC925038CEDA7CE76853BA03EA7
                                                                                                                                                                          SHA1:D7948C6C63C150569F492DF97B2730CEC8CC837E
                                                                                                                                                                          SHA-256:1C018D342E32C6FB39573C2E2C56F704BD108494C10C29E3610CB637BEE0429C
                                                                                                                                                                          SHA-512:C63931BD243334875FF0E227015181795829550B995E4D62C51FFAD0F776239646FD00593FD1E2024334646E634EEFD3C9E0A4C7DBFE635DEA199E837C8B1B9C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65389), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):625899
                                                                                                                                                                          Entropy (8bit):5.616570429523557
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:57MdRhPEceKr1GPHte7zA+0hung074P2Ej4ITdJwuwvMaSPwCDVrx76I9kO29Gyj:qFvzIo/PWnP8
                                                                                                                                                                          MD5:48D07C122F7DEA56B862C8158A2176B6
                                                                                                                                                                          SHA1:8D4588D11134A23211B4DE4D84BBA42530148B39
                                                                                                                                                                          SHA-256:CABA02AB7A59CE0DD0D4938A62EB421EE041E7CE48BC677CC9D1707E7D1AE29F
                                                                                                                                                                          SHA-512:5D12E2C1A36B5428A751806468D85F20A7F5B8EEB1608BC4318A2FEC092746705D6420F5C68373F4529D3F4B5702F94636F044ACE25C4394242DF21008665938
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CSS file for the new bing rebranding toast that replaces the red SS toast */..../* Poppins Regular */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1MXRyG6AAAjKAAAE+ZHU1VChSeQLgAAWagAACZ0T1MvMtnrd+0AAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmUcOS0wAAgBwAAeoCaGVhZBrJJGEAAAEgAAAANmhoZWEMdQYgAAAA/AAAACRobXR4ZsjwMQAAEpwAABCKbG9jYQsjgYUAAApUAAAISG1heHAEpQEsAAAA3AAAACBuYW1luw0UrAAABMwAAAWIcG9zdDq/aJsAADcQAAAilQABAAAEIwCVAAwAdgAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAnt/e35bgoHAAEAAAAAAAAAAAAAAAAAAAQiAAEAAAAEAQab98VTXw889QADA+gAAAAA2KSpvgAAAADbFjbM/e39xAoHBCkAAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDUwGQAAUAAAKKAlgAAABLAooCWAAAAV4AMgFIAAAAAAUAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACJAK6AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQ

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1750
                                                                                                                                                                          Entropy (8bit):5.237505222218743
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:neswDYEuGNVMe7OAVMr7EVMe7VMr/VMrlEwrVMCrYt1bQSk4CNiebvFUuHRMjg5+:tOKfnrCjCC88YkVeg50w61
                                                                                                                                                                          MD5:3B9B1D63B84AA8FDF550571AE62F2E3B
                                                                                                                                                                          SHA1:B21220253F01DD8FD12889CEDF562EB95FCEFFF0
                                                                                                                                                                          SHA-256:A72AD5F4ED76D8D56C0FD81FCD1677BDD83943C336DC1B3D2115C3B44491F096
                                                                                                                                                                          SHA-512:D76CEB797A4B49A65DDB8FC0A0E11345853954B4FD05CDE803EFF3226C5549CF164DF1F7636047790BC3338B4B14192EF93EF3218FCF34EF2568B605B4D92C84
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding-bing.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.... <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-bing-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.... <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding-bing.js"></script>..</head>....<body oncontextmenu="return false" onselectstart="return false" role="dialog">.. <div class="toast

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2510
                                                                                                                                                                          Entropy (8bit):5.158348945730247
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Fa+J3ggs19E5sFHDjJ60LhrqJ6MLhr3aS/dxJ6HLhryeEpOZ0a:VQgy9E5sFjjkUhWkchpnkrhePOZd
                                                                                                                                                                          MD5:942046677902A21A83DF2FAE7D2D330C
                                                                                                                                                                          SHA1:F8D0C55282D897FCC8DBE20B739F59551A5F54CD
                                                                                                                                                                          SHA-256:40C002EFF4B7C5B1B2DC0233D2CD540E01F58F4465DCE29C34B161504EDA2EE2
                                                                                                                                                                          SHA-512:FA17C8BD4CD5F460B5A88F3E7E1CBDC03CE2C7CDE389997551D9A6D7231742B4147BA384E713AF9526428C0E9964684C319F53A6FB9B23FD0D29731E77FC279F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.... ui.SecureSearchToast = function () {.. var $el = {.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. subFooterText: $("#sub-footer-text"),.. doneButton: $("#done"),.. declineButton: $("#decline"),.. },.... fillText = function (lang) {.. $el.contentInfoTitle.html(lang("SEARCH_TOAST_HEADING"));.. $el.contentInfoText.html(lang("SEARCH_TOAST_SUB_HEADING"));.. $el.checkboxQuestion.html(lang("SEARCH_TOAST_BODY_TEXT"));.. $el.subFooterText.html(lang("SEARCH_TOAST_SUB_FOOTER"));.. $el.doneButton.html(lang("SEARCH_TOAST_YES"));.. $el.declineButton.html(lang("SEARCH_TOAST_NO"));.. },.... init = function (lang) {.. fillText(lang);.... _window.setWidth("579");..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65472), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):626133
                                                                                                                                                                          Entropy (8bit):5.617814771341909
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:y7MdRhPEceKr1GPHte7zA+0hung074P2Ej4ITdJwuwvMaSPwCDVrx76I9kO29Gys:DFvzIo/PWnPV
                                                                                                                                                                          MD5:CD387543A50F8B0AA81A58EAABED3C72
                                                                                                                                                                          SHA1:B0B8B31AD884A0C8387293A3A765674509C264D1
                                                                                                                                                                          SHA-256:7EFB66D19DCD9CCDA892C2688A1A1EAE0639C5664E8180DE5DA46701C4CD8716
                                                                                                                                                                          SHA-512:2E54876F0F2EB5BE51B248E98B1E328526B732421B5D7B6FFEAF5B39D1F78D4CCBE3CFD94A1162729128A37EA26A1C97C736904334F3471B7398440119A337A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Poppins Regular */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1MXRyG6AAAjKAAAE+ZHU1VChSeQLgAAWagAACZ0T1MvMtnrd+0AAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmUcOS0wAAgBwAAeoCaGVhZBrJJGEAAAEgAAAANmhoZWEMdQYgAAAA/AAAACRobXR4ZsjwMQAAEpwAABCKbG9jYQsjgYUAAApUAAAISG1heHAEpQEsAAAA3AAAACBuYW1luw0UrAAABMwAAAWIcG9zdDq/aJsAADcQAAAilQABAAAEIwCVAAwAdgAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAnt/e35bgoHAAEAAAAAAAAAAAAAAAAAAAQiAAEAAAAEAQab98VTXw889QADA+gAAAAA2KSpvgAAAADbFjbM/e39xAoHBCkAAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDUwGQAAUAAAKKAlgAAABLAooCWAAAAV4AMgFIAAAAAAUAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACJAK6AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQkUCSgJMAkzCTkJRQlJCU0JUAleCWUJbwlwCXIehR69HvMe+SANIBQgGiAeICIgJiAwIDogRCCoIKwguiC9I

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2171
                                                                                                                                                                          Entropy (8bit):5.170488523740939
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:m2sYqYEpGNVMz7eVMz7EVMz71rAVMz7VMz/VMzlEtVMCWt1bQSk4C1uQraPxUFIc:SPdRvtT26hCW8tutJPf6F6eT
                                                                                                                                                                          MD5:80420F17AC946CD198A70122064A3848
                                                                                                                                                                          SHA1:17A79D51AF96E0388F63BCA01809873348F5FBEA
                                                                                                                                                                          SHA-256:830A6EDE3CE0C75AFEA87B7632CF84D975B36CC6BBB68F7FB91EBFA0608DE7A5
                                                                                                                                                                          SHA-512:6EA38C3C91F3A6A7D291E7AE04446FABD9BD33D40B3CE9FFAD543572D699A2BC37415B73E3C78F4CD05A27AAF2D1AF24B114D5B604ED25A3CB030CB5ED5F90FF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding.js"></script>..</head>.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6193
                                                                                                                                                                          Entropy (8bit):4.97084920450951
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:Xxb1BFoFPtYdY01kA55YUr11thN4GjCYWPe:R1BFoPg71kA55nhN4ox
                                                                                                                                                                          MD5:5323C0F428E5AB2C5B98D70CCAD96D82
                                                                                                                                                                          SHA1:5A6FFB27924A4005AF7D2C3B2D3474296CB8DAB4
                                                                                                                                                                          SHA-256:ACC9C869943127467F0EC94E2442E6DC32D612AEA7B3CB4BC79E5C9CFE29FFEB
                                                                                                                                                                          SHA-512:5C0D7CAC166D712A24FF32179C32A0222ECCFA546180BC095562540BE0343C4446EA58149E0BE7D459912164D6967CDC4DBA8894FA5DCD245E9967B9B1F05672
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.. var TOGGLE_COUNT = "toggle_count";.... ui.SecureSearchToast = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. checkboxChecked: $("#checkbox-checked"),.. checkboxUnchecked: $("#checkbox-unchecked"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. doneButton: $("#done"),.. },.... isCheckboxChecked = function () {.. var isChecked = false;.... if ($el.checkboxChecked.css('display') === 'block'.. && $el.checkboxUnchecked.css('display') === 'none') {..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2101
                                                                                                                                                                          Entropy (8bit):5.242260723103398
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xmp5UoZJx7MdDjTPWfx9gczwPpCRulmZzhs:xArx7M5TPWfx9lzwsvzO
                                                                                                                                                                          MD5:8875B943E4A0478DE115297F7AE15374
                                                                                                                                                                          SHA1:2A7FE3E91F0311F1E3F0C866433B486ABAD993FF
                                                                                                                                                                          SHA-256:46A73A0ED9727F5A8FB11B6BC2C50BFCA61FB7D1E4B378B2A872EF542A2E6184
                                                                                                                                                                          SHA-512:A54387EF1EBFF35ACFDC09898ED9E3F48115085099B8C142D29FB24C8405E6FB70548D1B39E762AAD79852882DC7440A2664AA8785FEB811348EC54EDA82E70D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2093
                                                                                                                                                                          Entropy (8bit):5.211627809076251
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:AswDjYEZGNVMr71rAVMr7EVMr7VMr/VMrlEa0VMCrmglB7vURFWS4CicmQZmqEgF:DOjNlTneCp3CTRSFWSO7QmqPOJa
                                                                                                                                                                          MD5:09D7B08CF2AB5A9740F2E1410F640C05
                                                                                                                                                                          SHA1:99D525CFBD73E32C52FAFDE0D4E31014A1AEAFE5
                                                                                                                                                                          SHA-256:2D34CB6BCC22E9AA2D7726826822591E4BF4D357CB93AC8CBD5640B8BE3CC953
                                                                                                                                                                          SHA-512:2176A29ED9EE9CAE03466959D74F8B30D809CC6A9EF36B7E2B5BD96E098360709B47BA51E42DDB94AD2CF46991732729D33282DEEEC3C0EF967B9F7C390B7759
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.js"></script>..</head>....<body oncontextme

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11553
                                                                                                                                                                          Entropy (8bit):4.9747928509257235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:lAGSRh8MezXoRYhsCSRyTe7TSlR2R1pUnoKWERjW18jEcYyhd0hyfXt:m3hFezXmYhncyTe7TSjg1unoKWyq18j7
                                                                                                                                                                          MD5:6B3E4AADE37EE300112C3E9158F9E5DE
                                                                                                                                                                          SHA1:EC0B1942E728314C4C059A28AD14D7051AD57846
                                                                                                                                                                          SHA-256:495B033EDB2E89A93B5FEA0F356E8A49F5352752DCA4A33E07075599C6DFE570
                                                                                                                                                                          SHA-512:89B259322322E060DCD391231DCD2F3F3A78ACF53A98457EB7420F75FB2BF593FF8FBDF609B46057185E7632777599E6026B6AEDB416355BD1B99DDC8DA0A619
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION",.. Label: "TOAST_VARIANT_CHECKLIST",.. ButtonText: "TOAST_VARIANT_BUTTON",.. T

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7462
                                                                                                                                                                          Entropy (8bit):5.112046421229621
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:OWZxXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cgn:OW0H2zFguf+c9Ug9K7aO9Y1bZU
                                                                                                                                                                          MD5:886734F8EF0F7A2BD7AC8EE63EAFC745
                                                                                                                                                                          SHA1:71AAC29E2B35E35315E9CEDF61B1F514FD7371AF
                                                                                                                                                                          SHA-256:AB8A4CD13E6BE8A35CFAD9B47251B46C28F9AEF9FF607B87C01AECA35595507C
                                                                                                                                                                          SHA-512:39AA1ADAC25DB607A5CF8627768238A5AB51100DF0D4E57D0E29D3A09D1B38FA562AB84E48C6EC0CB37C465E0191AD0DADF1D1123C737E755758851B7186052B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3851
                                                                                                                                                                          Entropy (8bit):5.043335582612994
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:jMsaURv265bWZNY0TUYoAzgs3CZ4ea9S6ghD2QXIanvOksN:jjbGe9Yo2gs3JeacVDfXIanGk6
                                                                                                                                                                          MD5:194D0B9162D444B0DBFC81EEB847DD7F
                                                                                                                                                                          SHA1:90F0A30B758221B2F2C4499BF66B1D122329A253
                                                                                                                                                                          SHA-256:02DFC1A9187AE8D00620CAFA3653085BE3E32533C33A304C902654666A439E58
                                                                                                                                                                          SHA-512:7BFA894BFD24D9CC6959CF166B25EB2DAE771E89524CC398CFD3FD851F3031874E89ABDE29A3DF3CE307D701D85D8240F316BF09D4612ED175DC427BA66C2FA7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\weba

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9145
                                                                                                                                                                          Entropy (8bit):5.149275800236925
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:lAZ3m0aWPwT0JrrvG1zuLIhHQnJC16yhu3Fo65Dcw+hdlgX+R:mZ4j1yDJsu1oprfs+R
                                                                                                                                                                          MD5:4E75CA82B63BF0D7CE816D5E07456841
                                                                                                                                                                          SHA1:3392B5074F72124100DEE3CC1F63393C30C58C0E
                                                                                                                                                                          SHA-256:6436CD5A82FBA6D79412856952150658ADA7B06AC0C06A2CCFF41684D28733DE
                                                                                                                                                                          SHA-512:8A70EAEF47B0722794E87461668C8B9775D52FAFFB24BB9AE7B9C15AF263EBA74C014A12DC5FD179385AE741C64454185290A2C87A35186C122AE39BDD10CED5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__container"), // dynamically change container if text is too long.. feature1Name: $("#fea

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3034
                                                                                                                                                                          Entropy (8bit):4.638682919992348
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:B4j7B2AacfdwtxqApUQVVPhPkzYOEbFQO0HR/1xRzi1CePNXDtw2:scAa+dwtVVVPCxEeO011xReXDW2
                                                                                                                                                                          MD5:B90AC515CF2471538F252204450BD9C6
                                                                                                                                                                          SHA1:FF6F2C0CEF15E3047F8C4A510D2CCDBE7030F7DB
                                                                                                                                                                          SHA-256:0334EFDA0E4D28ADFCAF4C7AED0EDD3EB3EC1BF98981AE8122278A25B4B93AAC
                                                                                                                                                                          SHA-512:94581EF550DE590DC11A4496E07D8877C19DA470B661B08AB544B1251FFEE99A657115BFAEA2C9B0B9CA848BE3F6C01B04A4FA51DE47340FF00563E1C728A97C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. button: $("#wa-dialog-balloon-button"),.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $("#mc-dialog-arrow").. };.... var telBalloonType = '';.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... _window.show();.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'F

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2413
                                                                                                                                                                          Entropy (8bit):4.801374194851256
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:H45ikVjkpq/nWp1qgVsk0HuKAh51nhtlUT:Yjk+WlcsBhtlUT
                                                                                                                                                                          MD5:706EA6AA85B81C7698F191EF1182BEC8
                                                                                                                                                                          SHA1:2EA6643CE2EA042DC4B0B0BB048EBBC4ABCE4F3C
                                                                                                                                                                          SHA-256:20CEACF0E32F77DF4ECE5DDF4A8EC6411B04916701DEA3919C311BD4C5AFA3B9
                                                                                                                                                                          SHA-512:EC75CC071062E8C5BAD474EBF993A0931342EE071B92FCD71565082B509864781DA3B68B009F36BC1853428DCB66023E3530EBB24552F6105B11AF9E3B54351F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. var $el = {.. logo: $("#wa-dw-toast .logo"),.. status: $("#wa-dw-toast .status>span"),.. content: $("#wa-dw-toast .content .body"),.. block: $("#button-ok"),.. allow: $("#button-cancel").. },.... show = function () {.. _window.ready(function () {.. var domain = _dw.getDomain(),.. fileName = _dw.getFileName();.... $el.logo.append(_wa.getProductLogoHtml("wacore:mfw\\packages\\builtin\\mcafee-logo.png"));.. $el.status.append(_l10n("PP_STATE_TEXT"));.. $el.content.append(.. "<p

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21369
                                                                                                                                                                          Entropy (8bit):3.8672869876322054
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:LravuBFTItBHDiF9ymq4pZpnXEB25hmmvYXOergIzKN:PavuBcBHDdmRHpXEB2UEI+N
                                                                                                                                                                          MD5:135EFC09A3C04100FFE3C123FBFDC6CE
                                                                                                                                                                          SHA1:8D940249DB78E559209CB78520E100188487143E
                                                                                                                                                                          SHA-256:1C99E219D44E98E1750368C7EE4DCEBDE0BE93675E4CE31F340143704FFCAA8B
                                                                                                                                                                          SHA-512:7CDA9587E90D3ABBDB5102D493C0D72CB62B82D4F1C4A9B869ED433620E40616AC3B2C9E237779A2ADC6F707918EA0C2C58101BF2EC1E3693B3BB1FA96184351
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-danger.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 210 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12312
                                                                                                                                                                          Entropy (8bit):7.968450241648148
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:yRBdas2d1PJ4BYvAHpw+9zCUu3lsOgtPaITUL:6UdVTUoUTHs
                                                                                                                                                                          MD5:4FB51E8F6008C7C9C8F0A1075BED12A1
                                                                                                                                                                          SHA1:39C35D6482BF2D7B8A347991BC99F4EB408B7FE7
                                                                                                                                                                          SHA-256:866910A9732E353EDFE938958BF6F4B6FF03FFA6B90589BD03C44011D2E41C37
                                                                                                                                                                          SHA-512:6C39FDEB9036823547E8515A7F0505B41A519F5F70D55A1D2B51A10B9FAC6D8738EB3D78D2DE2BEE55666C5712A4753D72450760B69836C7F1B71577760FD99F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR..............4r.....pHYs.................sRGB.........gAMA......a.../.IDATx...|....vyU.xO.. ..8.%!.8.PJ......t..RHx....@[.......@i...-.<..H..%....x..y.l-3.+.<.G.i...~>.F..5.9.=.\.,,tp.P...rr./~<...h......a........A?.i.m.R.y?9a.y....".......0.,0-........LS,!Y...al...G..k....V.a.NGQ....p8.o.A#..<...<...0.+.`..0.....!...k..Y.x..ax~-....T.8w.t.T^...`..&.a.#.h......}Z.8...(..4.^L2.....&X.M0<.....B.T....d..62......`....,...'f...I<R.....!..t.T..(,.e.."......x..9...Z..(0.BH.]...2....lS.D.'".h)$kU.. 0....:M...z..6`..1.1.|.VI.%.9...3.B.NS&......i...G..i.mS..M...f....x2!.5.....:M......y(......V<...,.%....!.W.d........s.:.BJ.W0...WO.!#.b.E..Z.fP0..r./.j.....lq....M.u....L....3.2PLD.O.Ao.!,.!?.....2...iR.D..[Y...-,. ..d...cC[.%..,,..a..U.m.<.4!%D....`aa..d.L..%".."_.......,.YL.d.|s{gp.L1.......Qv..I....38.q......*pH...j..0!.u..,..XXL.SV.j..p4..1...w...k....$.s...:.e^.Dd..`...g.>.dr......U.b.O.....&.Drr.."_..C..MV..."a\.V.."?.B`.3y.y....E.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 210 x 197, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9639
                                                                                                                                                                          Entropy (8bit):7.959929359756836
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:8Sx+XNV33b9KE2nQId+RaxmxmDzMeRPGUhtGrnGyzcgJSzJKlkY+BjJJnjYdSPay:7SX9KbIRARfvRtklzcgJS1Ukz7hjYdJy
                                                                                                                                                                          MD5:0960D91DFEAF52DB02812BF775B62C55
                                                                                                                                                                          SHA1:125D3E9976B984B6BFDD698140626CB92D393722
                                                                                                                                                                          SHA-256:9E7C4BF9C4911967D24A948BFFE7268F5925A1B1E3DCD5D9CBEB7721DF32DF24
                                                                                                                                                                          SHA-512:C2AE53F305F34A3E6B0EF8E29A1E21A477C4A62F6AD27A69A91C7F1CD601A94DA1012341169F7E11C293D12AEC9B07B14CCB23185829A8C7F05FE0EDC718B681
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.............!J.a....pHYs.................sRGB.........gAMA......a...%<IDATx..{t...._..j..%...`.....!..q.....&.N^..$....Hrv.....v...........l2I&..a.....O.[......l...WU...[.wwuwU...9..]...T..=.D".H$..D".H$..D".H$..D...DR.}}.@.-.iG.k...D........RH..\..&.*.r.M.|..j:.M...a......a..Dkk....)$I.I.pU...w.C.P].p..ok..."bA....>..T.r.!\.&.....R..8..9...8.(..F........;..K..wp.N).rB.){...\gk0....$..]twd..#w.\...Bh.0.....j(.R..*\....7..8.o!..B2-O=.g.}..),.0.....5'..{*.).i.ZW5....UBrP@9..`w.b-....6!.]..O.B1.o[h..5B........r"\A.]..]..B....S{..|....6.\(^B.4.n.o..g...Y+7.q]...N5.R.Hx.....H.Vz\?.....$3..l....Xr.....Z.{.bj".Y.=.v+d...z.J\..1;2...a.(.`].r....U....8..S..../{d1.A/@V*..z..,.o-..MF....&.(.S'..p...V6.w..7.N7.z..i.Lx...vCB..P.(".,..K5pe...l<$q#....B.P..+,.=.H....d..fE.......].FL..I.H........7.G..$...W..>..D..EH.X....H...'....FT]H...9....[.|.5..1.Yl...!...C.......TMHT..*;*...Z....:......q..I.I...G.N>TEHfrA..I.C...G. ....(.K&.$....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-wss.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 142 x 114, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9195
                                                                                                                                                                          Entropy (8bit):7.974458734523204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:qSgxF7Rxse5mfaPumPCqZplpMCwhsoYl6Va1uaOyplM/0zPMyWEu0:lg77RxsRaJCqD/twhsFl6VaD5KyWEj
                                                                                                                                                                          MD5:985990E7B49221E68CA85928ABFB55B6
                                                                                                                                                                          SHA1:A625326AFC180A99526B9C1E36C85718A8AE4E53
                                                                                                                                                                          SHA-256:6FCA27CE0ADD2712EA1CBAF52291BBC2C9AA3E5B8411348DA4459082E53D456F
                                                                                                                                                                          SHA-512:AD415F9B2242675A26DFD9FAB9DCC9E2BA02191EDFB4B938C688458E92379263C9E1357EEDF8E97D4956E3A28E69D59A80C6FD23777371A33CC1A02D2AF45181
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.......r........j....pHYs.................sRGB.........gAMA......a...#.IDATx..].`TU.=.M.d..R.%..{...*M...(.k..UDqw.U..]uuw]...H.^..RB...u..3...L2.2....}.d......0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0~.h.v..W..#..%....]..M....e..rA.iI.>q8...E......qI.Y...T. ...Hr..]..{.V;.....G...S.J.........Z.Y.6...(...Dv.%%l"`..`.%X...m...a...J.#...,.....G%..:]...I.^9z..-."#.......B...%(a..0:t.0.`<.@.K:?!G.@...42.`..%..X..\>z.3R..N..}.b..%..:A.N.B..>...d.H0X...C..H0"...,..m.EQ...t....N....Fi.v.Z"y#SE..U?M.....mv...S...T.[.7*.'.T.0<.,..E..%:.ce.Go..g...&G.U.A......;.m.E.k6...%..2.tt..#J.w...|X~.R)h.g.a...6.(c........U.UZ..$.1a.........Pq...+.%....`....p8.6..ZNoWl...8.....$.#.$I{.m4.+`.7...0..B...SC.e............2....;..E..A.H3.^.}.W..E..9.....).Bs.b....K.. .q....q. (...... ..........`.....*..s.........C s..6oJ..Q...F.I.&..Q.N;v..... M..~D..P..Z'Ga.<..{%.....<l...')....A..."..ATT..x.z.c..B...A.q.k.....;...M....0....5.6n.P.7.......w.(,.%..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2407
                                                                                                                                                                          Entropy (8bit):5.148335532359029
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Uk73uxPuaasQ8+FQv2xfdleIileIjOmkRlYWBheIpJqqeGzeNeIp5eNeII64J:UDj+aOxf7KjiRlYWBxadt+t4
                                                                                                                                                                          MD5:ACE11B7FDD8896AFE05BC6A25081BC72
                                                                                                                                                                          SHA1:B1C2D5F41C3719AD8EDA01DC4B50602B35BEFB09
                                                                                                                                                                          SHA-256:761ED2999CD3F6DB58CCBD00F3CF4874564C30E5B9E21DBD13501E909748FA68
                                                                                                                                                                          SHA-512:69B07BB9CE7AE4FE71E93562E80D23410878820593D743634582F9B0FB4F2107B8B5FCCCC3F32B4BB0527B8ADB680CE3884533F2BED58943064F1C521E175721
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;..}....h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;..}....p {.. font-size: 13px;.. line-height: 16px;..}.....main {.. text-align: center;.. background-color: #ffffff;.. height: 220px;..}.....main-logo-container {.. display: inline-block;..}.....main-logo-container .img-wrapper img {.. max-width: 128px;.. padding-top: 32px;..}.....main-divider {.. display: inline-block;.. margin: 5px;..}.....main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position: relative;..}.....main-description-container p {.. font-size: 14px;.. line-height: 20px;.. color:#000000;..}.....main-description-containe

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2529
                                                                                                                                                                          Entropy (8bit):5.078446846524373
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cXTxBv26HCe8+DSSqoFbeIwEeIYuAXYgY:p8zFb1DgY
                                                                                                                                                                          MD5:7DFFD407F62727E6E1D71AE78001CC1F
                                                                                                                                                                          SHA1:D92F03545A15D360453E09679938EEEEEB8B5EEF
                                                                                                                                                                          SHA-256:D1456E95B707A89DA12600233EE573004066B7A13CBCDE7FEEAB1CD43789DC08
                                                                                                                                                                          SHA-512:3FA0C2E556EA1ED15962A6417643AFD35F389ED796D6C6B23BA4E06348456394F9C88995E14EC1897B7FDC1E0210858C92B8544748AA85B5D189DA099EBCC40A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.js"></script>..</head>..<body on

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11903
                                                                                                                                                                          Entropy (8bit):5.080001554604501
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:80/PfJTvqz3NbDdvSNOsxyVVXMT2Opb6/0Q6w:JPfJTvECBxyHcTRA6w
                                                                                                                                                                          MD5:44E2C89A41EF766119A1270F68A2BE83
                                                                                                                                                                          SHA1:031169D58949342543F3F16A20897B7D127BE532
                                                                                                                                                                          SHA-256:1B66F9F4A2EFA6564DFC205AF5EB78A1AB54DA5D156544AB677AD56B4407B0A3
                                                                                                                                                                          SHA-512:0CBA3EE2670698FE27E07999392A04B4FC1CD3F3BAF255B7DF154F394B3A52E97BFC074C8A5EF4E60AF91218FE6FA3AB6E590A14599140AFDDE1558C35711FEC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function (toastData) {.. this.data = toastData;.. this.lang = wa.Ut

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PNG image data, 47 x 46, 8-bit/color RGBA, interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1793
                                                                                                                                                                          Entropy (8bit):7.876784630522941
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:qaOARKiy6Zk/fIEJo8VsjZhQ78P49eiQgPO4sP/ulgafKd6c:/OATy6Zk/1x0TQg+wvPmlga1c
                                                                                                                                                                          MD5:0649B7E9A67DE6931312BDB5BE3FA6D6
                                                                                                                                                                          SHA1:285B792941D7CCB34ECC8749A367CAFE4A51D4B1
                                                                                                                                                                          SHA-256:CBB5964B1888A95703984990FBC9C71448ACBA8A5E19BC0A96E626C2129F7E22
                                                                                                                                                                          SHA-512:12B8E6C4F3EBFF51BA6CE1FE66D737461CD0C30F0B9E65443256886DDBF9E1518E3A26D9186CD8F2CA95EA09D35F910372558BE1C997073E0E26603C4DABC22E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR.../..........|p.....gAMA......a.....IDATh..Y]l.E....R....?.y.A@1.mi.)F.....#J.F.'..O.Q..#Q ......>hPH...X....b[b+..@.Q @....{w<g........W...9s.7...93C...7..e.b..\.d.....d!..'......G.....k...2.1J.a.6.1!.{.E.0..r...D.....I.5k.../.@..&QD.*j.oW.....6...}.2...\O..,..f...q....U...1.....Lf..U....bs....:.0!..?Q...j.e..;...X...qN.JM.[..../....=..2T....T?..VcR...qFl.._.T@.s...rP.....L...3!1...L.Z..xlh0.....Tr3..D..V......^.^..t.....3O.ED....8j8....k.E.`...{.>....v8...R...@.8.R_.. ..|&C..?.....rG..( .y....}.z.p.28w.....k..v.7.~.......7F|.. .@.8"..,..L...Q....7.a......oI*.z.f.{.j...`......}g.....!Y.... ..J2p..IJ...2...X..G8..Y.. N}..t...26.....M.._.....c...fs...{....)t[.,....e.&............t%.PX...W)..%..........t.`>.....7...H..s.CW..........u}.nS...~...&O..1...C}.....#..G.IH0.mjj(.._....M...=..C2..==..V&...~1..?...en..M...\.Q.%...B./.g.S...... .#.(....*..q...jb......p;../5.m.T..-...SE.h..(.|le...[.**!...=:TJ..!m..q2..CI.$

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\custom-checkbox.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):292
                                                                                                                                                                          Entropy (8bit):5.419707792418915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:KYCutJFlCutfwEr+gCutF3GHKllj3kkkQ+sCRXU2QcK0bJB0YndswRFOh:lCu77CuuSCu3TlljUkZ+sCRPQf0bJxng
                                                                                                                                                                          MD5:2D4716CB6396867898E638FBED581C92
                                                                                                                                                                          SHA1:CCE452A7EFED51B864DDFE0A67528BF9ED46A6E7
                                                                                                                                                                          SHA-256:A4877EC3224DB3A15202C61314851CFD3F3AD571D5415A6FFC94418B98DB833D
                                                                                                                                                                          SHA-512:5750EB789C2F648A6614E034C847177F2631628F61427C168141F4717814AA5BDB29A6EDEA730711E00593723BE863B13EBA4EDAA8E2DC7F029DE2C9DAEF5F1B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:input[type="checkbox"], input[type="checkbox"]:checked {...box-shadow: 0px 0px 0px 1px black inset;..}....input[type="checkbox"] {...accent-color: white;..}....//CF7A624574F35B686A76C33FBAA5D5626E68CB421789FDF19DC592634B8E15619F996FF07166DE1B52F3241BA149933E8DE73A28070A49845286C956C22317BB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\jquery-3.6.0.min.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65446), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89637
                                                                                                                                                                          Entropy (8bit):5.297773771322314
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vz:eIh8GgP3hujzwbhd3XvSiDQ47GKl
                                                                                                                                                                          MD5:A64BAF7831B8FBBC144FCE258F8001E1
                                                                                                                                                                          SHA1:13FFDDA846919FDC59679D1B125280F248929D43
                                                                                                                                                                          SHA-256:AE6E5367B413CA6723DE305E5DCA0C0798802ED8D7173F8D54572AF32C724329
                                                                                                                                                                          SHA-512:F27F2119AB74FF94F620E0D0158CB78D56D4907F5B7B82770A1D40F7C8AD8D55C891BC9ADC99777CC5FB6291A34A8DA372FDBE3F8937DECB87A8E7FD892DCCA9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-common.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):658029
                                                                                                                                                                          Entropy (8bit):5.645591473547629
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:L47MdRhPEceKr1GPHte7zA+0hungs74P2Ej4ITdJwuwvMaSPwCDVrxT6I9kO29Gi:BtvbIo/PWnPo
                                                                                                                                                                          MD5:73749C67AB20082E7B11AA59ECAD88CD
                                                                                                                                                                          SHA1:5260894A20670E0F2380166E929F76B9AAC1F626
                                                                                                                                                                          SHA-256:21A4157938BAD6BA8759799F72725704270B9C49D90097FB7F7E45FF0543E841
                                                                                                                                                                          SHA-512:561A0E1BD2ACD1FE4F4790054F6BB45DEC7394417F2AD79323ED1B96D7DE2DD5537F2A1C3D568B7192FE9E262FFCBA1DFA46DFAC9F943B6EAF4B39FAA678BFC5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-core.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):24151
                                                                                                                                                                          Entropy (8bit):5.1621785675529
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ZHbw3tcalAiF0+6ycdaYiY+JiZ0DmrhiWbYM4veoX0qLv5Ms9X+95Synwn2:ZHbw3tcalAiF0+6ycdaYis0DmrhnbB4q
                                                                                                                                                                          MD5:FEF95AACA6FE669CF114CB9E796BD485
                                                                                                                                                                          SHA1:D9B8B9E986031F12519E275D6249A139CBF9F8C1
                                                                                                                                                                          SHA-256:E5FC3A4451EDF51FC28AB4019EA75BE0A4A411DF26FE2BFD2B0BC9F5D7465712
                                                                                                                                                                          SHA-512:0A368EE1F64986DD88D0B5AC470FCAD51E23799779304A457D871DD2380C364537D14EDA23DDD52258B54EDA4D7B83A596FB1AFDB04E61CC8FFCD2611105D625
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = async function (key) {.. var isIgnored = false;.. var startIgnore = await this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(await this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = await this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = async function (key) {.. var inGracePeriod = false;.. var gracePeriodStart = await this.settings.get("fixGracePeriodStartDate" +

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7998
                                                                                                                                                                          Entropy (8bit):4.696692835387019
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:j8KiNn2zKMXjRIQIeTZmY2OToGF/8OJISRjla0mo9SWLpmUtpdcSbFn4VZ:IKiN2zKgyTeTEZzSRjg0jScmcdvMZ
                                                                                                                                                                          MD5:D9975E21D059E90A256B00C48E4FDD54
                                                                                                                                                                          SHA1:44A68F5CAF5326CD90BAB396C93EBD29BC2CC098
                                                                                                                                                                          SHA-256:CD6D29FFFBDB412347D51D29D27DD7BDECAA05D85B01134BE1FBC2F9BBE4DEB2
                                                                                                                                                                          SHA-512:476AD8B1E514027C0B565D723F606A14B5AAF4E901132698B1BC661C8E73DC2D7170FF258494FA5C2D626CF0EB1DE170D0B7DDD7767DB1C39C47B0E13DEF6B66
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(options.message.text).. el.$messageImage.. .html("&#187;").. },.... setBorder = function () {.. el.$checkList.css({..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-dialog.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3536
                                                                                                                                                                          Entropy (8bit):4.494740738337656
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:kZGJ5nzQQenlzN1vylhovKKHNLzpCZjeVBXfoil:kZ8W0v8RHNLlCZjoJfoil
                                                                                                                                                                          MD5:5D2C7932D8D84AD6EF65BEFD0036BD93
                                                                                                                                                                          SHA1:E1AB00696037F650159A8E22311C93FB7B760B49
                                                                                                                                                                          SHA-256:3B752C707A77973161B5746A73CDB59839541A2BEEC7797336981964FA4D9A1B
                                                                                                                                                                          SHA-512:743A3109C00D503B32D93C054532F0FE23506A3D5747E44CDF3294ED9E0F42682E631AE0FD32D2B00E675B5C202F0CFF89C12D7CAF6627276C67A8FBCE2A637B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html,.. tabindex:"0".. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content",.. html: options.content.html,.. tabindex:"0".. }));.. }.. },.... createButtons = function () {.. if (options.buttons) {.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-utils.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18974
                                                                                                                                                                          Entropy (8bit):4.474059874801466
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:BZwBjF3z+j5csy4h11lidEaCa3z4T2EW85xzC2Rvbat2ReY9c8o9OmFfRo:WJyj5csy4DIE3mUTRbzC2RvbaLU
                                                                                                                                                                          MD5:6FA876B654EE2577A67E2F9BAFE775D8
                                                                                                                                                                          SHA1:C84A3C671AE1202EF60E5FA586D5E954EC6053EC
                                                                                                                                                                          SHA-256:C5342CE6CF56B39FE98D72178DC2ED431FEE3FE94116D775E175E473DC74345B
                                                                                                                                                                          SHA-512:9AF6AEDAD9291C38266BA724900FD32A2D9834A6A3EB855984E66AD3950ADB00979B692F2C67ECAEEC3347A1DE42FC8F6C589F3FBFEF491412A06CAA33763B64
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8697
                                                                                                                                                                          Entropy (8bit):4.951690631753836
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:O4n4gMn8LeQ1EU/AsS3zwgPSQyg8qifxE74:p4gMns4sS3znPS08qifxf
                                                                                                                                                                          MD5:AED77490021932F6B70456B419E4EC72
                                                                                                                                                                          SHA1:D9E2FB4DE3CA0BA2E8782DA5B12DE9BA2C87F6EC
                                                                                                                                                                          SHA-256:0A46965A67D037DF02D66FA8159FF59222168C8111FBE47BC2A580FB0AFF80B1
                                                                                                                                                                          SHA-512:53F978177BB2D4EA5217DAB4D4C2B77769829A307E26F271B8690803591DD13E4D66FEF45D563C92785C53E8E313CD38CD9305EDD0B2851CE3B7CEF1730A7C3A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = ""; .. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = "";.. .. this.update = function () {.. _window.ready(async function () {.. var args = JSON.parse(await _external.getArgument("template_args"));.. var isInitial = false;.. browser = await _window.getBrowserType();.. browserCode = await _instrument.getBrowserTypeCode();.. installDir = await _external.getInstallDir();.. if (browser === "FF") {.. wbShown

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-mwb-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2613
                                                                                                                                                                          Entropy (8bit):5.121215845258046
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3Ox0xsUa3l363kKk+kUTkikfE5CYqOcqe5QORDnyJ1:32ExqOcq6Qq61
                                                                                                                                                                          MD5:A9719DF99058DE7B9A3C2532EB09E14D
                                                                                                                                                                          SHA1:C55C96C03CFE3C1C2C4FCF12E5648AAE806A0BAA
                                                                                                                                                                          SHA-256:408CFD06FBA64B9EFCE52CD726D87BF72566E02A5F0303386655EC415DDABBF2
                                                                                                                                                                          SHA-512:993DCD65384820427CE60342BFEC51EAFD5EAA578F14CDDF5EA04A5B3459DEB511784B0C99EA797E274EF9CEB8A725E30ADE067465268E544F12F0604E4902AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-webboost-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-controller-nps-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (452), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23452
                                                                                                                                                                          Entropy (8bit):4.486451361086621
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CYEzX7WKmfpGz5C6ylu6MJcDoGeDbC95Qm9o:3e7WL8E6+1o
                                                                                                                                                                          MD5:E95C637128E017EA2A4AF08D44B02E66
                                                                                                                                                                          SHA1:84A69536E25FDBE2218C86F2B8B3B821BDAEDA9E
                                                                                                                                                                          SHA-256:F99EB95CF9F86CB0F18A1299370C836CEBCB34E37FF311FF080A7DCD2BD2B181
                                                                                                                                                                          SHA-512:62BD4C127538C0163C33761C9AE99E4EDEC6127BFFFDD09B73173DC8828F792AA68E92EC075A0D857371878D87260E5515A50E4E314753669B7E1B0DD322AAED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.. var browserCode = "(unknown)";.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(async function () {.. browserCode = await _instrument.getBrowserTypeCode();.. var args = JSON.parse(await _external.getArgument("template_args"));.. if ((await $(window).height()) >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = async function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-nps-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2422
                                                                                                                                                                          Entropy (8bit):5.097939445435896
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3kx0xsUl363kKk+kUTkikCCFqOcqehQORDFqO:OiqOcqiQqJv
                                                                                                                                                                          MD5:EF1F2F2A4F1E96C065B1B0D237291851
                                                                                                                                                                          SHA1:3DA097A79E96CF3162A5503C8647D534180AB62C
                                                                                                                                                                          SHA-256:38576E0580D66E40794BE57ECC724501518B7AD70248DA28EB4D2F27DB9C8537
                                                                                                                                                                          SHA-512:4066145B54767FC1DA99798BA924259EBB344AA1300B1B7781BB5001476910E341E901922964FD590FA2C7178CA33142C450F12E0F36CF207FD548FF8D02931C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5551
                                                                                                                                                                          Entropy (8bit):5.146817311828136
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:xs0xQiszL7IsF7IaDNG9ag8sMfgm2bpxu0sHKJxMzuGFqrKEGZI7H3nJaPsC6L3:xsrr5AlNxbbMM5JaUdL
                                                                                                                                                                          MD5:F325FDBFF6093DD39C3810F4FD42D39B
                                                                                                                                                                          SHA1:FAD74E77575EA06EA0CEA03215F99B3547171C90
                                                                                                                                                                          SHA-256:FFCA4F1251360DE3F09303B403B0343EFF5E70A9279EF751CEE74FADCEB0D479
                                                                                                                                                                          SHA-512:99C8C24C3249C5A4144F7B46ED46E3CC572BBF4AAAB34C969F0F706F9A321DB7A47A5277B14C45BB1DC1041F70CFC358950E5711E2EC8C8F19A276ECFBE2662F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;.. user-select: none;..}....#dialog {.. display: flex;.. width: 761px;.. height: 565px;.. background: #fff;.. border-radius: 24px;.. border: 1px solid rgb(0, 0, 0, 0.12);..}....@media only screen and (min-width: 700px) and (max-height: 500px) {.. #dialog {.. width: 730px;.. height: 422px;.. }..}....@media only screen and (max-width: 600px) and (max-height: 350px) {.. #dialog {.. width: 547px;.. height: 306px;.. }..}....#card_layer {.. background: transparent url('file:///[WA_FILES]/mfw\\packages\\builtin\\wa-sstoast-toggle-rebranding-grass.png') no-repeat 0% 100%;.. background-color: #FAFAFA;.. width: 530px;.. background-size: 220px;.. border-radius: 24px 0 0 24px;..}....@media only screen and (min-width: 700px) and (max-height: 500px) {..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2274
                                                                                                                                                                          Entropy (8bit):5.282371415143711
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:5srbbqNax+k+CQ0NVMzWWrVMzLKWrVMzQ0VMzQeVMzQ+k+2VMzQdk+yjVMCpHgke:qaaxily363k3k5kEk2aCNXpGtgSTCw
                                                                                                                                                                          MD5:4B8CE6B0361D3260931A847BD4F1B074
                                                                                                                                                                          SHA1:F4DC5C22B8FD998A02EC41E205EF839BA1286E79
                                                                                                                                                                          SHA-256:757CCD546E4E9D48537EABBC3EB1180090D33413E8BF8A17445D15ECC328184C
                                                                                                                                                                          SHA-512:BC2D11445EC9467612CBF291495F55DB495761BAAD15AF48D019BDF8D8E4F800A469E1DC8CA8895C6F8FD88D1250EBE467298308D11962B7068ADA102597AF27
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\edge_onboarding\\edge-ext-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5437
                                                                                                                                                                          Entropy (8bit):5.109883294557674
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:lAGmLlBEdl33zgfgD6vMHEJAbePrENba+wlZXoGc:lAGmLlBEdl33zgfgD6UkuarEM7lZXe
                                                                                                                                                                          MD5:71774B8D7B4F59FDD9082DD5CC733DF5
                                                                                                                                                                          SHA1:F21129E2B6B0366D9F8DC038FDCE21DB1835052D
                                                                                                                                                                          SHA-256:575A60606003382D7DAD2D57B949EF3F21E067837322BB342442AC40B1F85374
                                                                                                                                                                          SHA-512:42ED300968C25B98976BD20A25433D2E8B68D54B9EC9DA13819E23EEE1787F0B580B3B9B7DB26035F6FC3D1463EDB6F3FA39350DB22AF789744E15F9CEC4047A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var toast_variant = 0;.... var newToastDimension = [.. {.. width: "761px",.. height: "565px",.. toast_type: "EdgeOnboardingControlToast".. },.. {.. width: "730px",.. height: "422px",.. toast_type: "EdgeOnboardingLargeToast".. },.. {.. width: "547px",.. height: "306px",.. toast_type: "EdgeOnboardingSmallToast".. }.. ];.... var $el = {.. checkboxInput: $("#set-web-protection"),.. title: $("#title"),.. desc: $("#content p.desc"),.. featureName: $("#feature_name"),.. featureType: $("#feature_type span"),.. featureDesc: $("#feature_desc"),.. doneButton: $("#done_btn"),.. closeIcon: $("#close-icon").. };...... var stringMap = { // check for correct string.. InfoTitle: "S

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge_onboarding_telemetry.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1753
                                                                                                                                                                          Entropy (8bit):5.108114143576874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:VUV7NSU6+ra+pbXa6oNLwghRo7Atzn4XAQj0+NyKVKcEZJ4fFh:VUVC2a63gxtzn20KIp8
                                                                                                                                                                          MD5:51712199DE87F566F578FEF3CB0D90AD
                                                                                                                                                                          SHA1:0F9196E6CAF180D2AA385D81278FA8CAF4CACC58
                                                                                                                                                                          SHA-256:A0688E2DB7902B91E40605BD499AA4370B237B4059A94D812B64EF4970956699
                                                                                                                                                                          SHA-512:6EBBA4DEFFE91B2D6E58F34C06ACE59AA53D2279A92E68A3576D369D244C2B444EB016D6FB4039E8903CB657BE54EFCC863455498FA6F15681BD343015698A30
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:const send_onboarding_event = async function (action_type, ui_type, toast_style) {.. chrome.webview.hostObjects.wa_external.log("edge_onboarding_telemetry.js: send_onboarding_telemetry function");.... try {.. let browserCode = await window.WebAdvisor.Utils.Instrument.getBrowserTypeCode();.. browserCode = browserCode.toLowerCase();.... let isImpression = action_type.toLowerCase() === "impression";.... let closeBtnEnable = await chrome.webview.hostObjects.wa_external.GetSetting(false, "1", "edge_onboarding_close_btn_enable");.... let metadata = "close_btn=" + Number(closeBtnEnable);.... let toast_dimensions = String(await window.WebAdvisor.Utils.External.getScaledWindowWidth()) + "x" + String(await window.WebAdvisor.Utils.External.getScaledWindowHeight());.... let scale_factor = await window.WebAdvisor.Utils.External.getScaleFactor();.. scale_factor = String(scale_factor.toFixed(2));.... metadata = metadata + ",toast_size=" + toast_dimension

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1497
                                                                                                                                                                          Entropy (8bit):5.177183687065216
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UEWZR78xQ/0elV7k1Ze+fkMFE1g60q30iTxhxs4P0Fu0xx0j000sT06bw0SX:xmp5UEWZp8xo0uOuHMFYg60q30Mx70Ff
                                                                                                                                                                          MD5:611F755587781C3F7172053EAAF62428
                                                                                                                                                                          SHA1:7A9F9AB01DC784055DE944C783B2EAE4578D25A8
                                                                                                                                                                          SHA-256:08BDDD8B53C03EE7B476219CB6AE4B190390C5933F1C71EB13DF696A0E14BCDA
                                                                                                                                                                          SHA-512:223FBD0C24514977271A67655C58D0E48F008B2A19F4630992F222653F25B7E0E24BA991698D36334AC11BD745CB997A4ACE356C36F4FF6AC726CD1BAB59F5BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. width: 656px;.. height: 392px;.. flex-shrink: 0;.. display: flex;.. flex-direction: column;.. position: fixed;.. bottom:0;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. align-items: center;.. padding: 0px 35px;.. border: 1px solid #B2B2B2;..}....[class*="flex-item-"] {.. display: flex;.. align-self: center;..}.....main-container .flex-item-1{.. justify-content: flex-start;.. align-self: flex-start;.. margin-top: 32px;..}.....main-container .flex-item-2 p{.. color: #212934;.. font-size: 20px;.. font-style: normal;.. font-weight: 700;.. line-height: 28px;.. margin-top: 14px;..}.....main-container .flex-item-3{.. margin-top: 34px;..}.....main-container .flex-item-4 p{.. margin-top: 32p

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3066
                                                                                                                                                                          Entropy (8bit):5.332471412938537
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:wjRaxDlg+3kKk+kgkaCm5wEsCILQq5wEsCI2A5wEsCIIK17gHx:wjKdsT/dsTdsAjx
                                                                                                                                                                          MD5:157F08E078E9DD766F030F41C790EBE7
                                                                                                                                                                          SHA1:BF3E85E363822B2FBB820C71512CE07DA0AD4906
                                                                                                                                                                          SHA-256:78ADC215E8C7C827770BF57BEFB0F334ABA5088CD91F09F7FB1A9DC755617562
                                                                                                                                                                          SHA-512:3D1A1F4E8233C898B20ECF89AE9C41C870274871E43ED2F7781461960D9DF17D08F72C618A0725344E275ACDA1B3A9BC0583081460A5B4B061957E390A840EBB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_search\\edge_search_ext_coachmark.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.js"><

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3859
                                                                                                                                                                          Entropy (8bit):4.878022296204829
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xe04JN7xWXXZ8NQK8E3NQKbk/5XNmsN4qBNINHN4qPdFe2FX1YYtuK1H6ItuNn1w:EPoHvOGX67qPqP2k1xafsmWY06NQj
                                                                                                                                                                          MD5:1DE8953C2AC270FB6F535EB32E9AF1A3
                                                                                                                                                                          SHA1:D50A40A2EBDBBC4A3AE77F3B397D77FE13E34D09
                                                                                                                                                                          SHA-256:9E41A5D6A23999D3694AB0603D49F373F20F7E2D8E3A87AC036735FCD5B09F08
                                                                                                                                                                          SHA-512:962E479515D656EF9961286EFC373774DF1E45020DBAA376B09944D2ACCB4E99919CEC62FB9FAFB97091D0E2687C5F5013C52D911F690CF5674ED04F47CCD549
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* SecureSearch edge monetize phase -2 */..(function (wa,$) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 392;.. ui.SecureSearchTooltip = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("656");.. _window.setHeight(windowHeight.toString());.. .. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.OVERLAY).get;.. .... chrome.webview.hostObjects.wa_external.log("inside ready");.... var json_to_parse = await _external.getArgument("overlay_data");.... chrome.webview.hostObjects.wa_external.log("after getting overlay data");.... if (!json_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1725
                                                                                                                                                                          Entropy (8bit):5.462790400312901
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+swDxNxulQeNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdpVMCrNM/QoguKORMEyV8QQQ:NOxNx1/Y+3i3cKc+cGCEQgKy/Gn
                                                                                                                                                                          MD5:3164B1C1FE786BB558D64B2B731FA9AC
                                                                                                                                                                          SHA1:17FD4EF13F15A437F21675EC0F4A668B89F3CB55
                                                                                                                                                                          SHA-256:78036339FA65DD3E227C546D7CECC65732997BE2FFD646FA8501F16F2B3BE4DB
                                                                                                                                                                          SHA-512:0ADBF9FF8C976DFF567006F3B0D7620AD586E0C26BF40F8D1390A7579E294D2BD933DD319628467ECC9F9689BEF9F5760278CDBA25F6DBCF15FC7599AB0D2B86
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4111
                                                                                                                                                                          Entropy (8bit):5.089069563471304
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:T0AmdonK4uoOPV1PixEeB0NufP9SdaQbXkT:AATK4bs/jeCQS9bXS
                                                                                                                                                                          MD5:C0E7D1F5C34B168AF3F023074148C393
                                                                                                                                                                          SHA1:C4ECEEE78EF1575254E88EC8CAA0168A3C561A06
                                                                                                                                                                          SHA-256:F5170E917D7EEC60A2B61B3DB2673E703AA5EAA400325AD0A8DE8E9FDBB81C00
                                                                                                                                                                          SHA-512:0220A34135BB37A62ED5D6953359F5A89ED7A8CF00BB4B962BC690E0A8D1FB84E7B056A6454DB9EC2619D21C9D55D68541C4F4E171B028150ACBC6BF01D27FB7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2178
                                                                                                                                                                          Entropy (8bit):5.349457866120589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:NOxNxj/U3i3cKc+ccWCCFAf2PKqAqIMImqIuap:cUiJJmzTp
                                                                                                                                                                          MD5:2EFE24107B628FAEE2A511BF34E4B606
                                                                                                                                                                          SHA1:935ECF23A55CBFEDFF82596BFCAA66BC103ABE27
                                                                                                                                                                          SHA-256:FA42C8683189A575181694258C07728530515E76249E6FC1B995612E2855DF89
                                                                                                                                                                          SHA-512:532A633CC7B7B60753247B96C7A777F2913D2772B3797FB13399267F330DA98BBB7A94F38D4B6DDC24ECC882992BF4A1B292E734994F1055279ED2EE77A9FAD7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\new-tab-res-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3521
                                                                                                                                                                          Entropy (8bit):5.180727388265894
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:m5Y7fVMKxAX955IGIyy8CJ/Z1gu0VKz1hauWSvA8Nb0w4SVzz2eE/NXkfpRC2n:n3AXKffHguIKz1hauWSD0WVf2bXkBjn
                                                                                                                                                                          MD5:E78A327457AB6F478909AE11B6AA398E
                                                                                                                                                                          SHA1:76D2E940CD73ED9B8FD4BEEBC2E607730A03FC67
                                                                                                                                                                          SHA-256:AF69802AB92BCB8ACE0B56A4E0AF914179C370E083E4D2821F5C4A8E9972F25C
                                                                                                                                                                          SHA-512:97059E7855FE3DA5A2FCBB912DFAA4EF91E95FCC6CA810A8F7837682A8EEDD5A1376BAF3F10905345ED57F9FFCC48A49E6C1D649E7B9074AF34B232963D3A829
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1454
                                                                                                                                                                          Entropy (8bit):5.2497348247434195
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:xmp5UoZRqxQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMmxSlSh:xmp5UoZwxDHF3uBjFloZKY+YfnHcQeUB
                                                                                                                                                                          MD5:A1E5FF65EC605AC3076849A6ED7EAEF2
                                                                                                                                                                          SHA1:D333E828330CBB2327FA768507825E3F7035C059
                                                                                                                                                                          SHA-256:F82FB767EF7DEA81E368C18BDDF7DA2927B177228F654A77C6361973EBB5CCE9
                                                                                                                                                                          SHA-512:414AC9AA25742B7F21625619A756084308FD78BC27491F2319F3D84861A68D877C7AE461226B77E274E7CD710314147B96DA7EE7658E672216CBAF3E461D5AFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}.....content__text:last-child {..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1940
                                                                                                                                                                          Entropy (8bit):5.410078627773085
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+s8xMxdARQXNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdmVMCuedmlOK+uEralXRMSuL:N8xMxtUY+3i3cKc+cjCX6OK+punmQaeu
                                                                                                                                                                          MD5:6F797D96229BE64F47C8813AB3EA57FE
                                                                                                                                                                          SHA1:16062B184CF56864EC259FD67CEC27D4341C4FAF
                                                                                                                                                                          SHA-256:E77D78C0F07B62BA4548E82A3D4D8975688E2CA74D44DF56724EBAAFDCF262EB
                                                                                                                                                                          SHA-512:F41A9879F26E7A705BD3B5602997EBBF3CC781C13E19C1FEFEDBC5F8F7C51644D323FB4CB644732D7EE85015643242E4DED0D5B8D276B82AA7839B6D10A10714
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3096
                                                                                                                                                                          Entropy (8bit):5.135378216883125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:h4D7pOA4nDWFkTpGgWqbV9afhPkDYOEbV3R0GYmk/5LiMCH2qJoNmgxbV9afhPk2:cMA4qOfV9WqxEz0TnMTJoVV9WE6KGXt
                                                                                                                                                                          MD5:0293396E4256CBDCFDE5D5331DC3851B
                                                                                                                                                                          SHA1:9E3CF1DE3467C46FF083B82B945861DE5D7BDDEA
                                                                                                                                                                          SHA-256:23A04AF788D0D9D1A1D801B03610C09B031F35597AC07F13222AEF5C14FD403E
                                                                                                                                                                          SHA-512:DF62BAD0201C81C34796C6FEF8942EEE6B451E1993E2A2F3274CA21BAE9CC14DA06F8DD35BFC6B7F4D7316F0D09517421EA2461CE8371BDEDB687B12DD1C5128
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. };.... let browserCode = "(unknown)";.... show = async function () {.. init();.... _window.show();.... browserCode = await _instrument.getBrowserTypeCode();.... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browserCode == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browserCode == 'FF' ? '300.1.2.1-windows-onboarding-firefox-webpage' : '300.1.1.1-windows-onboarding-introduction-coachmark';.... var analyticsEvent = {.. _event_name: "wa_onboarding_balloon_impression",.. hit_label_8: screen_flow,.. hit_label_18: "Onboarding

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-checklist.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2368
                                                                                                                                                                          Entropy (8bit):5.135586629622516
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3kx0xsUl363kKk+kUTkiktCCv/enQORDuwJDEk5N:OGv/WQqKw+k5N
                                                                                                                                                                          MD5:8B8A2F738C925E8CF792B97854950F7E
                                                                                                                                                                          SHA1:175BA8DC8CA477A517405CD67FA632F59C1B255E
                                                                                                                                                                          SHA-256:082927BAEAD7385FC7BF98B5497658B405744F9E4421356FECF1312B9D74955F
                                                                                                                                                                          SHA-512:F70C03032489B321767075E8A6761B9EDECBA5012EA583F83B229B14228C3409121075FA16F90E1AD1FA53ED95932AFB8D32A8EFE6DC6E2A6FB40F306D7274F5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-controller-checklist.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (333), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):17148
                                                                                                                                                                          Entropy (8bit):4.756841654795562
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:cD7PaE5btDT2o1Cm+kYNTth/6x5o+72vY4PWrRd4ZJ2W:Y7PaE5b1T2o1CzksTy5o+7GRP04ZJF
                                                                                                                                                                          MD5:8900B6AB2089AE5774987D76655D8BE6
                                                                                                                                                                          SHA1:69ECD3D2804A851B31DCD0FFB33BBEA16E096D01
                                                                                                                                                                          SHA-256:1D861BB309062425023ADD79D8F8B7AF496A6DC3670D17B63B011DC32128F240
                                                                                                                                                                          SHA-512:0ADBCB7735F1A186D1427EDAC231A109EC7F3F07A0EB5F37A1B4223C0F3BE2ED3DE6C618FD2143B6951336AA8776D63BAA01F1F2B99C484A322DD5960377B2F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CheckList Controller */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. let threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "file:///[WA_FILES]/MFW/packages\\builtin\\white_timer.png",.. alertImage = "file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },.. self = this;.. let browserCode ="(unknown)";.... this.update = fu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):772
                                                                                                                                                                          Entropy (8bit):5.266152347339336
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:xW/FJLjFUoZdTrh8FwIjEHpbXTfMUGAtf8+IdKjjUK+xe+IqFcF143jhZZwbW8eH:xmp5UoZRqC3dDUUhiLKyFc43bZp7KbEh
                                                                                                                                                                          MD5:2FE491FC40A4004468CD85A09A672406
                                                                                                                                                                          SHA1:76D97997038583C12A70B19461AEB75D12E466CC
                                                                                                                                                                          SHA-256:1F9310A0D7C7646689D719A57DC3FB2D3E41C9AB45ECE5D1BB4529F82D5936BB
                                                                                                                                                                          SHA-512:5624D6520E3095D84BF9755DDC12291FB6EC36362321F74162EF4923E0AA9EC1356E1201F41E11856D893D26AE10AB17C30963FE083D9F64BF54C51466EF902B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//8BA1828E4F1364FE4C3094A32E88E67157973A4AC83FAA690E4E509ED61CA2E6A3A40D4C268FFD8AF4F836F117F4708D3A7136E237DC9647BE53DE1A63089448++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1831
                                                                                                                                                                          Entropy (8bit):5.443201185141968
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:+swDxMxdI2u5YWrVMrLKWrVMrQzVMrQXVMrQdTMNVMCrnr5OymTQoguT+ORMfrAc:NOxMxG75Y3i3cKc+cdNCzd+TQgT+yA/b
                                                                                                                                                                          MD5:B3A9066BA4F6834CACA76E36CF70A3A4
                                                                                                                                                                          SHA1:D5FDC5A028A6C2BCD31889A36F86ED57046485F8
                                                                                                                                                                          SHA-256:FF683BC097BDEBBF2007D4ADF8AF1B573326B6DA3FFDE4315BBEDA3ABA314D5A
                                                                                                                                                                          SHA-512:A0BB33BD979231397878E895B19AAC8D058F546ED2C604CEC446DF489E5D3CE6F97069EB36BAD2405A60E7831D841B461D9F8B7E085BEF9B2257AA7B440D3F82
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-dialog-balloon-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dialog-balloon.js"></script>..</head>.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dwtoast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1617
                                                                                                                                                                          Entropy (8bit):5.267204915883037
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:V2skx0xutt5WrVMzLKWrVMzQzVMzQXVMzQdGVMC8jIYc6/F8dHK:3kx0xi7363kKk+knC8jKSFcK
                                                                                                                                                                          MD5:51ADA7BDB8B119DE4C9DF6A63539B252
                                                                                                                                                                          SHA1:0588C534D5A79CC9E30FE94072DF28884CC68DF8
                                                                                                                                                                          SHA-256:CA35BA7EE03B77DD82C3FD3CD3CE9DF3E83B82999420B9B2807245A81EEECF8F
                                                                                                                                                                          SHA-512:4F73C92ABCE2055AB9ADC4339A8A1BF2951359894DFCCE3C3D49346B0BD46E00AB456FF9940277D811FCFBC6FAE3E3601E9C5F1515699ED4736F612D1B93A4BF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body>.. <div id="wa-dw-toast">.. <div class="heade

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2483
                                                                                                                                                                          Entropy (8bit):5.219173796507417
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:7kxtxC363kKk+knCVr/R+5a5beIwEeIYOzdTsrn:+/Fb1DxTCn
                                                                                                                                                                          MD5:21EE04CC9FD2FFFDA6C2FE1B623F93AA
                                                                                                                                                                          SHA1:0FF796D19542EEA8067AAA8EC659B23A75407C20
                                                                                                                                                                          SHA-256:965A9812B2EB821B736C35D4F0C3229C4EFA2008B963F83B6C905B8F3E259E0B
                                                                                                                                                                          SHA-512:658C4893E8DD2B0C2BEA87461C8FF2EF28B2E716C6FC7C5B119FD1FF3D60D49E47A6F747C92485DE33973ED89DE073326E0A65C146657020DF53964A8B6298BD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>Download Extension Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ext-install-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ext-install-toast.js"></script>..</head>..<body onselectstart="return false">.. <di

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4885
                                                                                                                                                                          Entropy (8bit):4.835123536475242
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:1zDsTVq7EIkGvTkE0oN6El4iTZTzwuyFDk00JarkM0d7XO:qc7EIXTq06ESGZ37MDa8ryd7+
                                                                                                                                                                          MD5:BAE2CBB5C50B2DE82E238CE4A970C442
                                                                                                                                                                          SHA1:1187B13EAE2FDDBB88D15BA2CF1494A548167236
                                                                                                                                                                          SHA-256:CD116597AEA4DA4DB69CAA54DBCBA16E9EB3BEC49CB7ACAAE0BD8E9B9C3BFAB0
                                                                                                                                                                          SHA-512:B30B3B4F5C5AF4770A498922DCC144F06ED9292A817660B39081039683863E6AC851B868BB81C40223ACDCE3542F8F454B5497E357E56110D922925E6AFCB91D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Download Warning Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.... let browserCode = "(unknown)";.... show = function () {.. _window.ready(async function () {.. // Set toast window size.. setSize({ width: "485", height: "265" });.... // Get settings data.. let toastCountSetting = "ff_extension_toast_count";.. let toastCount = await _settings.get(toastCountSetting, "0") || 1;.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.... // Initialize toast... init(lang, toastCount, document);.... _window.show();.. window.chrome.webview.postMessage("draw_background");.. window.chrome.webview.postMessage("set_focus");.... browserCode = await _instrument.getBrowserTypeCode();.. //

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6769
                                                                                                                                                                          Entropy (8bit):4.974425154516147
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:yH5SvRvxVoY2bZX/o0lhOY52Q5YsYmafFZR9OIv:yH5EvxVD2bJQChOsV5BLaf3yIv
                                                                                                                                                                          MD5:817D9E6AAC3445BE9EDB4E912C4EFFCE
                                                                                                                                                                          SHA1:14AC4215B42332FEDB04D5DD0E7BAB06F96EE38F
                                                                                                                                                                          SHA-256:BAADE101BAFF701219501A1DF90E120B23F19A237CA92E1C953C0589C9CDA741
                                                                                                                                                                          SHA-512:26F74926C22BBD72E2126D7A97F86F9332CE4C14FC8415EB656B3AC613136B3012B5CF370478F54A594ABF0C8AD7C3900F8A5492797D0C58E60683FF4503BBC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1561
                                                                                                                                                                          Entropy (8bit):5.436335174224512
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csY0xtxdJQeNVMznWrVMzLKWrVMzQzVMzQXVMzQdQVMCmFgtHGOSCeO:3Xxtxk/r363kKk+kNCJtH/eO
                                                                                                                                                                          MD5:F752617D495931000B6289C4CB0331A9
                                                                                                                                                                          SHA1:BFF1ABD4967BF5D812FD27FCEF348839294C02DB
                                                                                                                                                                          SHA-256:FE6FF6E6AAC49A1770050DC303B43E112EF3014F980515EA8596B944E3D6721C
                                                                                                                                                                          SHA-512:DCDF94C6280C86509B3D1B12607F1A9EEC67D8EC65AE9BEBF72B50442CD8BA373163D011D9AA346DF12014878B80D528CA769EBF6FAEC9DF5DAA921F591BE449
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-options-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/java

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2225
                                                                                                                                                                          Entropy (8bit):5.389102082736705
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:NOxNxS/Y+3i3cKc+cpC3W0PK+ptCHJCER:Y9i2CB
                                                                                                                                                                          MD5:81A5133C79ACDE4F3C65FC850573AE91
                                                                                                                                                                          SHA1:1B93EA110F8786895D9D18FE20DA1951B13080FF
                                                                                                                                                                          SHA-256:BF7A172CD9AF4BF4B66948294277A38D5D5C48E6E01F16759C5E7838BE4E410E
                                                                                                                                                                          SHA-512:B3ADB4E29DD8551814E227D1EA9D18FDD90B86964D8636D8B372F559015703CF5266DCAFF16D391D6AD4A64C372F1C09EB12FB4D001197E25C3304A4C61F95CD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:/

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9619
                                                                                                                                                                          Entropy (8bit):5.244395471568787
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:2Ar/3q1FNFmMtuhVXdeWG3trOpnb+LXB7ZmX7L:7Q8XPG3tyo9UP
                                                                                                                                                                          MD5:34BDC68A46CC4FFA92664C0E8D85B046
                                                                                                                                                                          SHA1:27E2A4B8B72512EA87AC088A8069A6180F566F9E
                                                                                                                                                                          SHA-256:56A8061AC7A7A8C2422B8104723669E3F45A34373CD66CBD06917D50F549A858
                                                                                                                                                                          SHA-512:68D0FB3EC182175919B42E9C093F13C764EC8A7E7BD0303DCCB17399C26AFD0FFA3BBEE79CC91517BAB0F9CE65BC9411E45677DFFDB6BCAFB3FC1CC523678464
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2132
                                                                                                                                                                          Entropy (8bit):5.202568131798471
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UGEp5ULZwx7/SMhdIelE5PmE5IeE5YMvubTVO6bvB:72x7aFelgPmgIegYZTVO2J
                                                                                                                                                                          MD5:DE9341556E2C8221926C515B6FDA15A4
                                                                                                                                                                          SHA1:C605E762288F97A0285FD8DDF489583952E66117
                                                                                                                                                                          SHA-256:97A0BA89258FAF42EFBCAABABBC5E50DC6AC05DCC0553FBCAC2C81578F05F0F3
                                                                                                                                                                          SHA-512:570BF4659974D4964E8D5D5FAFFED42C4B04FCD26F88B3FC25495D5233B73B542BA762CBFC8981D1106E62CBDD106C25E538D0D2FC3EEC324680B576BFD0B21A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* CSS file for the new bing rebranding toast that replaces the red SS toast */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 5px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 555px; /* Window width is 567px */..}.....card__image {.. display: flex;.. justify-content: center;.. align-items: center;.. float: left;.. width: 150px;.. height: 100%;.. position: absolute;.. background: var(--Grayscale-50-Gray, #FAFAFA);..}.....card__image #green-pc {.. width: 150px;.. height: 150px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;.. height: 100%;..}.....card__content #info-title {.. color: #343434;.. font-size: 20px;.. width: 100%;.. font-weight: 600;.. line

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1895
                                                                                                                                                                          Entropy (8bit):5.377039973471367
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:Iskx0xdE+QXNVMz3WrVMzLKWrVMzQzVMzQXVMzQdEwrVMCntcIbQSk4CNiebvFU2:Lkx0xEUT363kKk+kHCCnKHYkVQja
                                                                                                                                                                          MD5:2E7631BE009F53F4BC0C4BCAB085E75F
                                                                                                                                                                          SHA1:AE844FF61CFBFA424D533F690F1FF9086E0AAAD0
                                                                                                                                                                          SHA-256:8C8774A11B1A7FB40003F6605298DAE6B02FF60FF778329EB820BEE729945FAF
                                                                                                                                                                          SHA-512:63638EEBA0E5586B903CAEB0DF8D7DB5AED0955D3F06C7597F7A60428E0A0B40B75726AC60534D604823A274EB77FFB78F11E75151B88EA808E44FB690F2E19F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-rebranding-bing.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-bing-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\weba

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5141
                                                                                                                                                                          Entropy (8bit):5.110834663201895
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:qATI3xOo49YNYTMhVumnb+iAnZE4wVE8g8BbLHcb+ZOXsa1:qAGxOoKYNMMhvnbcZEDE8g8BbLHcbQOz
                                                                                                                                                                          MD5:2FD635504865420BFDB9EB0FFB0125F5
                                                                                                                                                                          SHA1:D038F72403704565221B0CA62C50120266617128
                                                                                                                                                                          SHA-256:6C7D49F190603FFB148D20D906797BA2C1F70D89BD8F0DE33CE5646414ED1EE5
                                                                                                                                                                          SHA-512:7E3A456CC137CD4930EE85CB040100C4930D89624B3034701968823E55AEE7661F95E5CBB894E7D0B3980365F9A54230C7110D7C9F908D3F96FB2E8287FA591B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.. const BUTTON_ACTION = {.. ACCEPT: "Accept",.. DECLINE: "Decline".. }.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. contentSubFooterText: $("#sub-footer-text"),.. contentbuttons: $("#content-buttons"),.. doneButton: $("#done"),.. declineButton: $("#decline"),.. toast: $(".toast"),.. };.... var langMap = {.. InfoTitle: "SEARCH_TOAST_HEADING",.. InfoText: "SEARCH_TOAST_SUB_HEADING",.. Question: "SEARCH_TOAST_BODY_TEXT",.. SubFooter: "SEARCH_TOAST_SUB_FOOTER",.. ButtonText: "SEARCH_TOAST_YES",.. ButtonDeclineText: "SEARCH_TOAST_NO",.. ToastT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3234
                                                                                                                                                                          Entropy (8bit):5.155227261928706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xmp5ULZwx7/SMhdu/WlE5PmE5IeE5LMs7MFCRPnE5NSubTRqH7xDZK8t3idcjooI:xT2x7aTWlgPmgIegLhcgPgJT0HqGpKp
                                                                                                                                                                          MD5:C94A9247020C241B41D142A338FD4881
                                                                                                                                                                          SHA1:BCA9793666FDE520DD7AA00E0894FB2C310E761B
                                                                                                                                                                          SHA-256:84C636D52F488E71A2130402156F15A5EFD49DB77444B891A536769F4076F940
                                                                                                                                                                          SHA-512:8004EB4733250DE49BB1F15FDC8BA67F26D808FBC22329CC84B5AC2F3BC670CCC51352540A807A07951F949B94CBFCADD0BACBFC4E76673E204F5F22E65FCBB7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 5px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 555px; /* Window width is 567px */..}.....card__image {.. display: flex;.. justify-content: center;.. align-items: center;.. float: left;.. width: 150px;.. height: 100%;.. position: absolute;.. background: var(--Grayscale-50-Gray, #FAFAFA);..}.....card__image #green-pc {.. width: 150px;.. height: 150px;..}.....card__image #mc-logo {.. position: absolute;.. bottom: 16px;.. left: 19px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px 21px;..}.....card__content #info-title {.. color: #343434;.. font-size: 20px;.. width: 100%;.. font-weight: 600;.. line-height:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2721
                                                                                                                                                                          Entropy (8bit):5.322335097429742
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ekx0xAU6323y3kKk+kOCnK0Qm1jRM3ns2QX8CPfcJol:dm1jRMcfX8C0ol
                                                                                                                                                                          MD5:A4002AA3E3F0E30EF1469C1A84AF73EC
                                                                                                                                                                          SHA1:FD3D841B4B585962B781F1576D1222996544FD1F
                                                                                                                                                                          SHA-256:4AC54B8D6A758524EDA81FE7A5958A06238A95F445AD39A71431F8F170281EF5
                                                                                                                                                                          SHA-512:9129BF5EDA0656B7B787B443C61267813271F14D5AB26C6B04C4C421547FA41860DCD5B106CD85A5C047D30B4656AF35F6DEBD05884E99B85BE90C9231CA9A52
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants-rebranding.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bui

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10699
                                                                                                                                                                          Entropy (8bit):5.045521916618284
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:cAntBR7h1zIR8p1YVYGl0AV5Y+joOBuooIZEA8g8BbLHcbJOXe:ptP/zIeINl0AV5KOBuooIZ58g8BbLHJe
                                                                                                                                                                          MD5:A33E9E81828BFAA795AD2A1E3801FD57
                                                                                                                                                                          SHA1:233FCE1A4861DE86473C4C984F229888540B8F41
                                                                                                                                                                          SHA-256:A2D6D1E761318360A483B74128CF6DC75FDDE5D7B59E143442189C309EB55E33
                                                                                                                                                                          SHA-512:B2078C444175020176BEC719E235F7E67A837BFF4A3857CFB5AB31AC37EC5B37E81E328253C315CB18B6C541773A9AB3EA4DCBAEA440338BAE78E096136C53FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. logoImage: $("#mc-logo"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. checkboxChecked: $("#checkbox-checked"),.. checkboxUnchecked: $("#checkbox-unchecked"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. doneButton: $("#done"),.. toast: $(".toast"),.. secureSearchSwitch: $("#switch-set-secure-search"),.. switchInput: $("#set-secure-search-switch"),.. };.... var variantsMap = {..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2773
                                                                                                                                                                          Entropy (8bit):5.2231906109260615
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:xmp5UoZwx7MdDyTgWfx9gazwPpLDqELO1CX7EnulmlwWW:xA2x7M8TgWfx9ZzwRqzk4wZ
                                                                                                                                                                          MD5:2226BB46CA59E0AC878E6FF97E630D47
                                                                                                                                                                          SHA1:FEF92A5C29DE29265E7E5D7FA12C6340173AB848
                                                                                                                                                                          SHA-256:B9AD6EA414C8575EA1A22CBD380DCA07B70097EC69DE2C4910E6F9FF09A8E381
                                                                                                                                                                          SHA-512:364C20867D36D1FAB09615EF0F2F9135D4809063782FA069B027D009A52F5C0D9F33454D2457B90967F390453B630DBF9A68A96E9FF694AA84C13F95888D96DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 25px;.. display: flex;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 15px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2556
                                                                                                                                                                          Entropy (8bit):5.3460996927668205
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ekx0xeexvU2363kKk+kF3CeYYUrOFfp6NnSmsPzI4qJy:5kMOFUNnRs84q4
                                                                                                                                                                          MD5:20DF8C424D9FDC6D9AC7560463CD385F
                                                                                                                                                                          SHA1:BA912CD7E92E522083FE0944F4F61F37FA9959F1
                                                                                                                                                                          SHA-256:4E76CDD5AC54805CB0ED490F5EA2FC282518B041D5260A059E89E1B2C69ACD02
                                                                                                                                                                          SHA-512:8270807EB39F6A301BE40217D9D80C45372E1E39B5A4301F27115702C092F9E20B4B4528A9CD83B3BB59809626C1A738CA15EB3E156C8BC119E60AFE3A1C4012
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_we

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15860
                                                                                                                                                                          Entropy (8bit):5.045192882623722
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:pBhtOz/WohfMaTGrTaTe1GXoK+iJIZut8g8BbLH5Vj:nOyoiammeYokJIZs8g8BZB
                                                                                                                                                                          MD5:7E5B44F4B207191CAE4F09629B5281F8
                                                                                                                                                                          SHA1:9D71C77C3652125B7867C34344CE9F3730728841
                                                                                                                                                                          SHA-256:949FEF7557748FA0A329B605F23ABD28D08C4C542375FE865B84107CD40609C5
                                                                                                                                                                          SHA-512:B6FF9090000BE937F03E32EACCCA421A16A64D5DD4676AB0B14465B2A4F39116F7D294ADBC13F62A5450F451A54308770BAD0CE349E4EF0304D2B40F3236ADCE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. closeIcon: $("#close-icon"),.. labelDiv: $("#label-div"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15991
                                                                                                                                                                          Entropy (8bit):5.052309647002538
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:5B1uHjA9M61F9HRa9nFhxdzzPWQfwGti6+Sjn7:ghi0jn7
                                                                                                                                                                          MD5:D3D2587FDCBD8CF3F8FE881652C68B6A
                                                                                                                                                                          SHA1:5AC86E8BFB1E293882245D4643B2A22116CCCFD7
                                                                                                                                                                          SHA-256:7C4F4F795264026174D9E91FDB8308176EE04931D0DEDFD106444ABCB69F6DD5
                                                                                                                                                                          SHA-512:4BE6AA732893C25F93C543A7030CD6BC848151B6B90EE6C53E1EE3E4783750B59AF998E1DA502847C0168F09723A538EAB342C1FCE07CF05FD06BEB4C9286166
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. width: 761px;.. height: 565px;.. user-select: none;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. height: inherit;.. padding-top: 36px;.. padding-right: 36px;.. padding-bottom: 36px;..}.....size_test_card_content {.. background-color: #fff;.. margin-left: 260px;.. height: 100%;.. padding-top: 32px;.. padding-right: 42px;.. padding-bottom: 32px;..}..../* version 2 3 */...card__content .logo2_3 {.. margin-bottom: 8px;.. width: 88px;..}.....card__content .size_test_logo {.. margin-bottom: 16px;

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4291
                                                                                                                                                                          Entropy (8bit):5.123045962254131
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:raaxkly363k3k5kCZhugy1s8FUYoAkZ6tOms8HDDC2eaNS64V2QXDzanW23W:mhutmYo8jtjDheasZVfXDzanE
                                                                                                                                                                          MD5:914FD5A8F27289295D0FAA9296B7CCC2
                                                                                                                                                                          SHA1:03F0C2CBA944132B6543581F6B172824DF8BAD38
                                                                                                                                                                          SHA-256:5838E641647F67228DE00B3473CABBED6D1498FB8D126737BDCDE618B76E3638
                                                                                                                                                                          SHA-512:B03E870D2479648A07561833A9F6ADDF9BD927E1E46C6624625BC2B8B7CF89C8056539E31C0EF3D15AFF848696A7DF1ABBC3E790A114A18EA4BC2C9122B19E36
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle-rebranding.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20314
                                                                                                                                                                          Entropy (8bit):5.005269775172544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:nMYsg4KeJ0FpttzjksroBrcIWqXub7m9IrNshzHsX:DsrKMYcsroBrAqXub7m9IrN+2
                                                                                                                                                                          MD5:49D2B3F70DECB62F79587D54B77C161D
                                                                                                                                                                          SHA1:A0EB32BFBEAE91CE408536BF26DA67F59C6E8A36
                                                                                                                                                                          SHA-256:48660300406DD22B43F5F54E3616A5A4ADA407C226C4C2D6A029603055A94655
                                                                                                                                                                          SHA-512:DCE75E0C71AEEE0E5A8AD4C8F599EF76440988BDA5A3FCDB8F6E17170D19907070D3F6AE8CAE31C64ED7759AD5E1E38FE1FA30F0445BF5FEAD737A7017F3312C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. var _misc = wa.Utils.Misc;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.... const toastSizeTestMap = [.. { // 0.. "width": "547",.. "height": "332",.. ToastType: "toggle_toast_ss_toast_size_test_variant_0",.. },.. { // 1.. "width": "625",.. "height": "366",.. ToastType: "toggle_toast_ss_toast_size_test_variant_1",.. },.. { // 2.. "width": "700",.. "height": "416",.. ToastType: "toggle_toast_ss_toast_size_test_variant_2",.. },.. { // 3.. "width": "761",.. "height": "565",.. ToastType: "toggle_toast_ss_toast_size_test_variant_3",.. },.. { // 4.. "width": "352",.. "height": "704",.. ToastType: "toggle_toast_ss_toast_size_test_variant_4",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7437
                                                                                                                                                                          Entropy (8bit):5.10415873127051
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:OW0xXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cg1:OWlH2zFguf+c9Ug9K7aO9Y1ba
                                                                                                                                                                          MD5:3843340A9BBFE229C6219CA544750446
                                                                                                                                                                          SHA1:812976ECF142D7805F3588176AAC1E4D0F98445E
                                                                                                                                                                          SHA-256:2C1AA93A32169DF0138FD57DF55B8A6DC8937F8E0AF4315B9B68127680111D56
                                                                                                                                                                          SHA-512:7A12BD7C17322742467EBB9C112D0AC64AE5CAC5E4F69BBEFB6A53236417633B2FC8D4D2AB7999962475B90F4DCF4D238036F5762A64930795CA34E54D7DC25B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__content .log

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4045
                                                                                                                                                                          Entropy (8bit):5.136705413245803
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:raaxLly363k3k5kabWZhuvT0/qUYoAxT75CZUea9S64hV2QXDUanjOOR:fbGhYGYoq75Heac7VfXDUanCOR
                                                                                                                                                                          MD5:6DA584055743278D479C9416DBCE7F9C
                                                                                                                                                                          SHA1:2FF6A9EADE6D045708A75EA6D753342FC1E31BD1
                                                                                                                                                                          SHA-256:DF30A6ABE4D7386FAC8EE233F924116DE5EBA6D3DF15FA90B8E3DB1F2AA0D460
                                                                                                                                                                          SHA-512:D0296825A89344A47322712DB56F4A33D3AD532049D31A7CBBC22AB6F2A401EF56524BBFB2C26D3899C0A6D87AED590245BF8768B946B17D1DF3862826C21C1C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10410
                                                                                                                                                                          Entropy (8bit):5.144798884804033
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:4MAf3m0aWPwT0JrrvhGzuLIhHQnJs1aW9seo65DhOrE/yIrEz2OlgXe:ef4cGyDJkseoBrdIr0se
                                                                                                                                                                          MD5:1E4D79B80A1F6AD1AB812603F435E723
                                                                                                                                                                          SHA1:1DCAA0916B6ADAF97D7FEF48E3170DD31643C7BD
                                                                                                                                                                          SHA-256:C3F4CBEC65E38AC29C62F34E3A6473F96967EC4EA88BF0B4813D08A9E7232722
                                                                                                                                                                          SHA-512:8E5D6131C65A1F80A057A48415F5CE8ED1ECABCB6D68F55B0628323E07CD3FC4D51AA7928C61FA3CE0D6E997268DF41B3DADB8D7E503FC8909BDC8428A734C1F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. var _misc = wa.Utils.Misc;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.. .... ui.accept_extension = function () {.. var $el = {.. version2_3: $(".version2_3"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContaine

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-av-report.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6288
                                                                                                                                                                          Entropy (8bit):4.911633221107463
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:qkKi/9YE82GQyvE7p2Uop1VacAPZnn41/qQNc0:gR4PNYCGc0
                                                                                                                                                                          MD5:CEB9CA0D771CAF69F421B3B722DDA716
                                                                                                                                                                          SHA1:35A67785A3E3DAF2508DED21C10A54407AA7596B
                                                                                                                                                                          SHA-256:52908F8F69C0B3A3AA97BF954F9D0C44F5C05B27721C40B1CBFD718F762907D4
                                                                                                                                                                          SHA-512:E419C3F379D272D24DB5C8BAB1A28D0D2D3B7766F3288D553EBE4290B96635CB3D462A9C8F617024CAFE39FD085004C40DF4634D1750EFCC8B9C209B0CAE31C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.. _lrt = wa.Utils.Lang.ResType,.. _l10n = wa.Utils.Lang(wa.Utils.Lang.ResType.UT).get;.. .. ui.AvReport = function () {.. var settingUrlBad = _settings.get("upsell_url_bad_scan", "1");.. var settingUrlDefault = _settings.get("upsell_url", "1");.. var url = (settingUrlBad == '' || settingUrlBad == undefined)? settingUrlDefault : settingUrlBad;.. if(url == '' || url == undefined){.. url = 'https://www.mcafee.com/consumer/en-us/landing-page/direct/aff/WA_MTP_StaySafe.html?affid=1523&ccoe=direct&ccoel2=campaign&csrc=wa&cctype=mtp_test5&ccstype=mini_vulnerability_scan_91277'; .. } .. .. open = function () {.. var data = JSON.parse(_external.getArgument("report_data")); .. showReport(data);.. _window.show();.. },.... showReport = fun

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4316
                                                                                                                                                                          Entropy (8bit):4.710661775758201
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:+cAFwUkCqVVPCxEeO0pv1xRsxIE3BXDXjZXGG:hASUrqfjetptxRIXDXjZXGG
                                                                                                                                                                          MD5:576EA20B947CE856A4FC1F3BCA64B7F6
                                                                                                                                                                          SHA1:F63DF63B5DE1F41AA24113D8BDF2B7EEEC99B297
                                                                                                                                                                          SHA-256:7F285CB833C1209D2C02D17D358726462CF1FEF4944FC22196A48B76106C4347
                                                                                                                                                                          SHA-512:957A4BE4D7D2E24D360678F4AC7924BCCEF626681002667287E62B12026F1AE943266BD0DE3C203C9E90DD11740C2A73E8476E2D6352C5D98C5336463058AA84
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Accept Extension UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var telBalloonType = '';.... show = function () {.. chrome.webview.hostObjects.wa_external.log("inside show");.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("inside ready");.. var settings = JSON.parse(await _external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... await _window.show();.... // Send telemetry for dialog balloon showed.. browser_code = await _instrument.getBrowserTypeCode().... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browser_code == 'FF' ? 'firefox' : '

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2708
                                                                                                                                                                          Entropy (8bit):4.976828408398036
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:N45ikP03NTwwiIw0X+Zgleg0q3nwYfwR3AhYeYEfTiNAE1ed1RNADSuM+:RdUl3GsKirE0ShuJ
                                                                                                                                                                          MD5:59AF173A81AA4FC1002AC326EFE62BD6
                                                                                                                                                                          SHA1:AB46FDD81C8CD5322B495D42FD3A0467829CFE0B
                                                                                                                                                                          SHA-256:58737651B1A969FDEDD53D37537EF13F549BC230F46AAEB6BC0E013D91865821
                                                                                                                                                                          SHA-512:065719FF68BBF28D45AC6005395C71A64B01C54EFD908F04A2FFA7F8D859AC7829837BA1C65D54200544F52E24982978860A042829AFB39173549AB2AE5AE054
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Download Warning Toast UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. .... show = function () {.. _window.ready(async function () {.. let domain = await _dw.getDomain();.. let fileName = await _dw.getFileName();.... document.getElementsByClassName("logo")[0].innerHTML = (_wa.getProductLogoHtml("file:///[WA_FILES]/MFW/packages\\builtin\\mcafee-logo.png"));.. //$el.status.append(_l10n("PP_STATE_TEXT"));.. document.getElementsByClassName("body")[0].innerHTML = (.. "<p class='content-header'>" +.. "<img width='20' align='middle' src='file:///[WA_FILES]/MFW/packages\\webadvisor\\warning-icon-toas

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-options.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21381
                                                                                                                                                                          Entropy (8bit):3.8681212052565064
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:LravuBFTItTHDiF9ymq4pZpnXEB25hmmvYXOergIKB:PavuBcTHDdmRHpXEB2UEI6
                                                                                                                                                                          MD5:E17CC75340EA8C62160BA8B706CADFB2
                                                                                                                                                                          SHA1:9AB96311356C9045ADF9F8D475567E0DE45B50A4
                                                                                                                                                                          SHA-256:ECDDE28C2752BB014D39ACEACFE08F9502D6E1FFBD2D36B3D18F921A00DD7F0D
                                                                                                                                                                          SHA-512:C41AF41D92D599F2CCC3D1C44FB8119FE863CA33C882D6808712C8280E16DCB7B7AB348A572FD83726E094C461D8089F72C3237EA062D518F641902AEDFC0C58
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2680
                                                                                                                                                                          Entropy (8bit):5.237427075220709
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3Xxtxc/4363kKk+krCe4T+DSSqor5beIwEeIYuAix7x:O8ztb1/7x
                                                                                                                                                                          MD5:BAC103DB6F861B68E3BFF6B80CC7163B
                                                                                                                                                                          SHA1:F39514FE1BCE1EA0CB1799F416ED328F6635BFEA
                                                                                                                                                                          SHA-256:4C54A5A7DE9A27B39CB5434F7047E8A33767BF6F5B113529D3724A0FEE1A37C7
                                                                                                                                                                          SHA-512:7F41D0A6DDC61352C1A30326B50A0517426E28B3E686413CACD85D214A7C16FC8BD36C3C6BF5F09904671EDADB8E316BC76DACF439A64B13015CF81316ED4EF6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-upsell-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script t

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15043
                                                                                                                                                                          Entropy (8bit):5.1288350061480426
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:+0/PfJTvqz3NbDdvSNOsxyVcNvKTvY6TdR/OsxTtwXMT2OpUF/0Ul:zPfJTvECBxyuNvKTvY6TjBxWcTRK
                                                                                                                                                                          MD5:C75DD64D0805B8CAAD75C26B994D5829
                                                                                                                                                                          SHA1:908943FCF860DEFAF3C8FF65AB38A9A5924A08D3
                                                                                                                                                                          SHA-256:1AA32F82F2BAD433B057BCF7B1D1B97520343DBE5CC40873474456E9CD65400E
                                                                                                                                                                          SHA-512:8C6A5BD24139A794FA0C5B85F1DAE2860BF71C72A5439BEFCA1C988C4D6DC4C4BC23531CD474CCE897261436B142E950352B470321F98A5E4171F86A75F5041B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. case 3:.. return new ui.GtiUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5441936
                                                                                                                                                                          Entropy (8bit):6.506710019612722
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:016kzANE8yhtlohyWQ0iMuVjb3yyPZSeACMjWpjMvc7pgHiDj00FLy4JxviqxP1d:M5o2S5CMjyI0DhiAP1QCHom8ti5
                                                                                                                                                                          MD5:B928B80C5DF851A97642E3E97DFF1B6B
                                                                                                                                                                          SHA1:79807701066824CB26924CE448F6425C55D42D22
                                                                                                                                                                          SHA-256:7F1396B074C4D49F8CE7D7FBF9F8905A20B50A03AD6C5FD657CB31DC068B5D42
                                                                                                                                                                          SHA-512:895B9A958A2517A5AFD9A7FB1F8F3D6749A2B2540F44D26C8C643BFAD718ADF2A59137ACBF2836B29B82D13F0374E4698860D6D7206FD7AD7D8F065AD445EA4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......NJ...+j..+j..+j.ASo..+j.U...+j.Un..+j.Ui..+j.Uo.w+j.ASi..+j..^n..+j..To.O+j.ASk..+j.ASn."+j..+j..+j..^n.K+j..^o..+j..+k..)j...o.[+j..Tc..+j..Tj..+j..T...+j..Th..+j.Rich.+j.................PE..d....YWg.........." ...$.N?..........{6.......................................T.....hbS...`A..........................................L.D.....L...... T.p.... Q......&R......0T.8}....G.p.....................G.(.....C.@............`?.......L......................text....L?......N?................. ..`.rdata.......`?......R?.............@..@.data...$.....M.......L.............@....pdata....... Q.......N.............@..@.didat..p.....T.......Q.............@..._RDATA..\.....T.......Q.............@..@.rsrc...p.... T.......Q.............@..@.reloc..8}...0T..~....Q.............@..B................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticscontextconfig.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4109
                                                                                                                                                                          Entropy (8bit):5.532740544042154
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:fDHfl13RqCJ0Q6kQ22E0AOY0T3AiNJI3XVtjjakIXzr9Ml72Yq38lrr/XZ1yiODU:fDIZB1JSt/akIX/SfsuuXA
                                                                                                                                                                          MD5:C03BD6B041B92FBFE8FA15532762A8F9
                                                                                                                                                                          SHA1:2F4DFD37F7FCFA8FB270717A6CB281A4E5EA8B58
                                                                                                                                                                          SHA-256:15FBA1DF5671D8CE05DB40365BAF5A57C9D35230AC74D432058B8CF48BB3A5BE
                                                                                                                                                                          SHA-512:512480E8526EFC1422A9351484E4C53F0D4ABECEB350ECCE7B47652789186C1A95816F4845BF9F3FDB03667EEEFB8B411DFC789A9514703EC32F5632DCBBDCDE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........A.h5.>.5...5...=...5...=...5...5...=...5...4...5...>...=...=...=...5...=...5...=...5...5...=...5...4...5...>...5...>...=...=...=...5...5...=...5...4...5...>...5...>...=...=...=...5...=...5...=. .5.!.=.".5.#.5.$.=...5.%.4...5.&.>...5.'.>...=...=...=.(.5.).5.*.=...5.+.4...5.,.>...5.-.>...=...=...=...5./.5.0.=...5.1.4...5.2.>...5.3.>...=...=...=.4.5.5.5.6.=...5.7.4...5.8.>...=...=...=.9.5.:.=.;.5.<.=.=.=.?.7.@.6.@.L....context_config.contexts....contexts..wa_smart_toast_attributes....setting&context_wa_smart_toast_attributes.handler.SmartToasting.wa_mss_plus....setting.context_wa_mss_plus.handler.MSSpStatus.user_account_id....setting_name,CloudSDK.cache: GET /account/v1/details.key.account_id....settings..handler.AnalyticsWPSSetting....db_name.vso.hash_id.IDENTITY.property_name.accnt_id.handler.WSSSetting....wps..handler.AnalyticsWssWps.setting.context_user_account_id.wss..product_productkey....setting_name1CloudSDK.cache: GET /subscription/v1/details.key.product_key....setting

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswpssetting.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1732
                                                                                                                                                                          Entropy (8bit):5.803537322068206
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:AnBciTKqN5+eO96lrbNiFiuUDqKMZO58Aa4Jq7X:ABci+SOMEFsD5MZOs4c7
                                                                                                                                                                          MD5:F95591D0A3A0594302407DF873650871
                                                                                                                                                                          SHA1:FA985B428AD5FC22E30365D4FF0E39D25B2F7D8D
                                                                                                                                                                          SHA-256:78B7D8928C3412B9CB2A0399680F0A87CFEE16BF491C85A880385F5292AD9D4C
                                                                                                                                                                          SHA-512:A6FB50E9B3C5027CE5F3E294E1CFB554FA7D068A924AFBD6248C15CF1012CC49DFAA4CD214FA2A6F817B5AD4A6C1E8AFE6CF6E2E78E0C61AEF43039BE6CFDC36
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........e....X...'...L...6.......9.......B.......X...6...9.......9...'...B...'...L...........X.......X...6...9.......9...'...6.......B...&...B...6.......D...X.2.6.......B...6...9.......9...'.......&...B...6...9.......B.......X...6...9.......9...'.......&...B...'...L...6.......B...H...6...9.......9.......'...6.......B...&...B...F...R...8.......X...'...L...8...6...9.......9...'...6.......B...&...B...6.......D...,AnalyticsWPSSetting: value returned is . = .pairs.NO_WPS_KEY&WPSSetting: JSON parsing error - .decode.json_parser%WPSSetting: wps json setting is .tostring"WPSSetting: wps setting value.NO_KEY.NO_WPS_SETTING WPSSetting: wps nil setting.info.log.core.get_setting.wps_utils.NO_INPUT_SETTING........L...@.......6...-...B...X.......X...+...L...E...R...+...L......ipairs........D6...9.......9...'...B...5...3...'...-...9.......X.$.6...-...9...B...X...9...9...6...9.......9...'.......&...B...6...9.......9...'.......&...B...-...........B...........B.......X.......X...E...R...-...9......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswsswps.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1308
                                                                                                                                                                          Entropy (8bit):5.5549248879182
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:64svoMGnu0xHB1bKNQnuEKSNAdoCsqXRb7UcVzoFsqXRAKJDMOrDYyMyJ1+s9n:1u0xjuE+oeXRJ1oLXRnJDMO3YnyJR9
                                                                                                                                                                          MD5:9F762363448B21B52ED22BEEF55CADB0
                                                                                                                                                                          SHA1:5114D43B90400D2EE8E6DBB0ECA387B4B6B43ABF
                                                                                                                                                                          SHA-256:E7FA982865963C175239D51404B3887FCDE39649677FF283269DD03FA4BF8E93
                                                                                                                                                                          SHA-512:6389B363BFCFB30D61AF3479932B984F4182DB9E00B7AA45475EBB991602F7688AB8601700486BF9DBBD32B7D25099DD5D1EBA377C7F44874B9AA0292DC84BFB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........m-...9.......9...'...B...'...6.......9...B.......X.0.-...9.......9...'...B...-...9.......X...-...9...9.......X...6...'...-...9...9...&...B.......X...9...-...-...9...+...B...9...B.......X.=.-...9.......9...'...B...X.6.-...9.......9...'...B...X./.-...9.......9...'...B...-...9.......X...-...9...9.......X...6...'...-...9...9...&...B.......X...9...-...-...9...+...B...9...B.......X...-...9.......9...'...B...X...-...9.......9...'...B...L.........]AnalyticsWssWps: Expecting wss subconfig and wss handler in context config, but got nil.:AnalyticsWssWps: Nil wss context handler encountered..wss*AnalyticsWssWps: WPS is not installed]AnalyticsWssWps: Expecting wps subconfig and wps handler in context config, but got nil.:AnalyticsWssWps: Nil wps context handler encountered..err.get_context_string.new analyticstelemetry.context..require.handler.wps&AnalyticsWssWps: WPS is installed.is_wps_installed.wps_utils.$WssWps: main get_context_string.info.m_loggerR.......6...9...........B...3...=

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserinformation.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5024
                                                                                                                                                                          Entropy (8bit):5.770690003003992
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:ph4Uw0908YNdY4a8PbjZDoFeuZCkv886A4A7AaAXzAMAwhsGU3JF5uXrK3yWK/8R:/xhdYN8YbuwW6zOJF5uX0yw5QCGIh75
                                                                                                                                                                          MD5:866CC52507CA218A57C37DBC6D1B0F18
                                                                                                                                                                          SHA1:4255A5A017EFCEE25D17184B7100171794016CE0
                                                                                                                                                                          SHA-256:B02F6980B1584CD74BF035C853763AFBB3C790E6A2A4CA3009DA2327938D2467
                                                                                                                                                                          SHA-512:84683E36908F16C787E3BB89F9B86288E694130F15A0EFD0C67882940994470F85BF1C68208D50F0DBA1883637B8644E0931143B0D1AB45B0345411D5F1C5D2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........(6...9.......9...'...B...5...5...=...5...=...5...=...7...6...-...B...H...-...9.......6...8...9...6...8...9...B...6.......9...+...-.......&.......B...F...R...K..........SetOption.settings.value.key.get_browser_version.pairs.reg_info.ed....value.version.key(Software\\Microsoft\\EDGE\\BLBeacon.ff....value.CurrentVersion.key%Software\Mozilla\Mozilla Firefox.ch....ff..ch..ed.....value.pv.keyNSoftware\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96};Inside Browser Information set_browser_version_setting.info.log.core........-6...9.......9...'...B...5...7...6...-...B...H...-...9...6...8...+...B...6.......9...+...-.......&.......B...-...9...6...8...+...B...6.......9...+...-.......&.......B...F...R...K............SetOption.settings"get_supported_browser_version.pairs.browser_ints....ff...ch...ed..CInside Browser Information set_min_max_browser_version_setting.info.log.core........<6...9.......9...'...B...-...B...-...B...5...-...=...6...-...B...H...9.......X...4...<.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserversion.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):983
                                                                                                                                                                          Entropy (8bit):5.811447092108564
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6J2msRGv1RWv8KD8RY7o7dOfTSOqyKRb9e3C4idAlu9:CR0jD8y85OfTSOqyObZ59
                                                                                                                                                                          MD5:A25D8091FB26EE6A7458652C3C1BF9B8
                                                                                                                                                                          SHA1:FF482DC8A1A5B26431547A51F839486B0BD103AD
                                                                                                                                                                          SHA-256:23230778AB8040779191D967776816727B9FFF3ECEA33D2EA6FB8BAA7E3A2669
                                                                                                                                                                          SHA-512:81C79694AC181B5C4608EDCFCEFB3EE32150943E4F23819982CAF35642E9587606EEC974FE21A300ADFAE1FD2E223F9EC298EBC2DE63832B85DAC218BCB3FB66
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........H4.......X...4...5...>.......X...4...5...>...5...>...5...>...5...>.......'...6.......B...X...6...9...9...9.......)...9...B.......9...B.......X.......9.......B...........X...6.......X...X...E...R...'.......X...6...9.......'...B.......X.......X...6...9.......9...'.......&...B...6.......D....tostringMCould not determine browser version. Returning default value. Browser = .err.log.%d%.%d.match.string.0.0.verion.QueryValue.IsValid.options.root.Registry.Win32.core.ipairs.....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM.iej.......'...6.......9...........B.......X...6.......B.......L....tostring.GetCurrentBrowserVersion.utility..........6...'...B...4...3...=...3...=...2...L...."get_supported_browser_version..get_browser_version.mfw.core.Win32Helper.require...//8FC43CD86ADF4C255D43DFF442E6AF1F4BB3F901EDBC2D3217794054192A6CB20C93D1516BE49D8123645F7C275274C167D61D5D2558EA67367D467C5C428385++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\contexthandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):422
                                                                                                                                                                          Entropy (8bit):5.250436371747685
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6lK3t4LqtAoIulNhWjGWA6q4Tf9q4Tf9qy/jmhSAz9eTWTWXUKWdenWImU+1W1Uy:6I9OuHhWqWBtJjmhzRbaEDGDmQ1UBE
                                                                                                                                                                          MD5:4DD5FF4438678AB1E72D2FCD25608644
                                                                                                                                                                          SHA1:7AED7C79EDD11115A478AE2DBB597855BF4EA7BC
                                                                                                                                                                          SHA-256:D2839001CCD1C7F54048938D7107F0B8DD89F15C3272F58FEA3C5310DA67E05B
                                                                                                                                                                          SHA-512:975D509D422E51B1041010B321FF88E8201EA573F0A7C71398BC646CCD93A7BED234BAB3C55E87F03E9773C89BDB5DF0F3E7DC1B9BAF93ED369E30B7E95752E5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..@.......6...'...B...K...'get_context_string not implemented.error........-...L.................K.....x.......4.......=...3...=...3...=...3...=...2...L.....set_context_config..get_context_config..get_context_string.m_logger;.......4...7...6...3...=...6...2...L.....new.ContextHandler...//3080B3F3C14226C41C47FDBD3F5B14D73EE65B632CE3EAF4D1C1E5818E51DB3A224A6B2FEA110F68D8860A1A0785A0C44213C7D29E188A5E32D600C39C979631++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\externalutilityfunction.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):897
                                                                                                                                                                          Entropy (8bit):5.5657914963715145
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:68i5J1Gn4Lel9awpSLdVf507iDaXU0XlLRNMSJ1xF7VDG:ti5J1venD4Vf5Coj2RqSJx78
                                                                                                                                                                          MD5:15EFA1987698A34AEE0CD6A4DC3C50F9
                                                                                                                                                                          SHA1:43B47EEE1ED9D2FE0ECAD31A1CCBCC410FCCC663
                                                                                                                                                                          SHA-256:7652C7B9C7A89EF7299DE4EDB39AE0FF0CF74935A836EAA58A514E5A098C5FE4
                                                                                                                                                                          SHA-512:A1BC05E7064B5611A158F398227EB8E86B2CCC28B0BA2D8BBFB0E07F423CBEE888742860F87617D76991A07D9A0BE8DC6544766F76965FC60850CD08462A6589
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........>-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...'...L...6...9...+.......X...9...8.......X...-...9.......9...'...9...'...&...B...6...9...D...........B.......X.......X...-...9.......9...'...9...'...&...B...6...9...D...6.......D.....7) return invalid result. Returning default value...tostring0) does not exist. Returning default value. External utility function (.utility._G.defaultQInvalid configuration supplied to external utility function context handler..err.m_logger.func.default_no_value.get_context_configR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.ExternalUtilityFunction.analyticstelemetry.context.ContextHandler.require...//F11BE6B6083D669E81B3318260DB49C1A6BA6886ABA9AE0B562547EF3DADCCD84B64E5D3EA49856CFA12C71534154BE7476D1A063F866AADDAA2BA393C20A894++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\featuretrackingfeature.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7498
                                                                                                                                                                          Entropy (8bit):5.613792909770243
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:ZjWEqmnipj7pRakfL6HQVS65L6D0Y08N0IVX6Mak6Sj2bA6XCoG3ipGHbFT6Zvv5:RWdmnqRakfOHQVS65OD02N0IVX6MatSI
                                                                                                                                                                          MD5:0CBCBE117A18F9ABED1941BA5DAD6724
                                                                                                                                                                          SHA1:D172160C5746773442053B0D3BAD363506A23DD6
                                                                                                                                                                          SHA-256:156F8108183292BBED329C4F77DB61A773DC53B370C3BF707E480224CAE7012E
                                                                                                                                                                          SHA-512:4E220E5D820F56690F1604035BDF5122FEC482EF1F8A189A2AC97C98AA8B3050FF54893CD51141AF16711DAD37708AB1617A7BDEDA5B5DE393BF675403DD1564
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..V.......-...........-...-...8.......X...-...-...8...-...-...-...8...8...J...K..........d.......4...6...-...B...H...........<...F...R...6...9.......B...)...3...2...L.......sort.table.pairs.........]'...-...B...X.V.'...).......)...M.K.8...9...9...9...9.......X.,.....X.*.....X.(.'.......X...6.......9.......B.......X...'...X...6.......9...........'...B.......6.......9...6.......B...6.......B...A.......X.......'...&...X.......'...&...X...8...9.......X...-...9.......9...'.......'...&...B...X...-...9.......9...'.......'...&...B...O...........'.......'...&...E...R...L........=2) was detected when processing FTF dimension..Invalid information for (.err%) when processing FTF dimension.'Skipping version information for (.info.m_logger.version.0.1.tostring.IsMatch.regex_helper.GetOption.settings.get_setting.wps_utils.wps.setting_source.enablementCriterion.enablementSetting.scope..,.........6...9...........B...6...9...3...3...=...2...L.....get_context_string..FTF_Registry.FeatureTrackingFeatur

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\hashedmachineid.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):488
                                                                                                                                                                          Entropy (8bit):5.505647062582451
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6jot8h2HMHGU4iCkSR7zt0GJWJJKvx/JAT8V4JK5yfH:672sHG/wSByGJ1/Vzyv
                                                                                                                                                                          MD5:A0D19CE46D298D28D47F331342797B4E
                                                                                                                                                                          SHA1:DAC13ACF4870EA3737DF06481B735DDF4B11C60C
                                                                                                                                                                          SHA-256:40D623385CBF2B317E52A4DE925DC5DE7E4274BA3B7BE40D248B453AFAD8A9F1
                                                                                                                                                                          SHA-512:1953CC8E6C4F59AAC53E2814CC75E1D35017FC091A5F65EBB069EF0CFD789ED0E0777D310CAC2B713EFDAEB14CF6D00BA328D604CCE94B287CFE588DBFFD2AF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..O.......6...9...9...9...D...#get_analytics_hashed_device_id.MiscUtils.utils.coreR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandler.........6...'...B...6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.HashedMachineID.logic.MiscUtils.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//42289B8895B1C7516C40DE9647D457D33DA846606CEE4E4E1023BCB7D8500F556F540615A20611BB1DF5308BB061071F509368AB30AA0CFB7D9D44E0270727FE++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\msspstatus.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2001
                                                                                                                                                                          Entropy (8bit):5.683033574229011
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6iSHUuceVdlgG13dShqVJCaZRetV6mclRiXvAZeyUepCGOODGAcncnlMAGJ1LFY:o/c8lgG2qfCasDclRiXv57/7AznlIJc
                                                                                                                                                                          MD5:039A8A6A04B7518B71F13F9CF2E9D2FC
                                                                                                                                                                          SHA1:8F6585AFD091DA5C60A0EDDAC7374D4A600F25A1
                                                                                                                                                                          SHA-256:EAB606A14D5DA138B3F9A84C5E91581ABFAF6E47DE64D1979617E68C5F7A0983
                                                                                                                                                                          SHA-512:4B1F17BD3E170F0B004E9AA950966D9D104C554D5907612AA029A908CFD248A0EDAE2F2EB2E59ECADFB3141185EAA44B8C50934632A7B1015C1A8D16E13C09AE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..k...........9...'...B.......X.......9...'...B.......X.......9...'...B.......X...+...X...+...L....|.&.%%.find........1-.......B.......X...-...9.......9...'.......&...B...+...L.......9...'...'...B.......6...9...'.......'...&...B.......9...'...B.......9...B.......9...'.......&...)...+...B.......X...+...X...+...L........Directory of .find.close.*a.read." 2>nul.dir ".popen.io..\$.gsub%Unsafe directory path provided: .warn.m_logger........*'...6...9...9...'.......)...*...B.......9...B.......X.......9...'...B.......X.......X...6.......D...X...-...9.......9...'...B...'...L...-...9.......9...'...B...+...L..... MSSp not found in registry..version_not_found1MSSp 'DisplayVersion' not found in registry..warn.m_logger.tostring..DisplayVersion.QueryValue.IsValid.HKLM.Registry.Win32.coreYSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan............'...-.......B.......X...'...L...-...9.......9...'...B...+...L.......3MSSp default installation directory not found..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\samrecoverable.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):847
                                                                                                                                                                          Entropy (8bit):5.708275070666962
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6AnfqeIYFxO8waLvpV53SaTMzJ1JSsX3Drp:znfqlY7lwaLvpX3DgzJrFnR
                                                                                                                                                                          MD5:9633786E7B2D8F01C93BED81B46CAF28
                                                                                                                                                                          SHA1:6F5D13B9073941A42AF8DC28ABC03AB0D319C6A9
                                                                                                                                                                          SHA-256:FDA3EB21E2C11ADA68801D7D68FED22631BC1AFE935A9D9B16AA1EFF230FF627
                                                                                                                                                                          SHA-512:9C2A9983F1F0FC0635DDF591D7C8EAD5FB46DAD54C00705DD3DD08D2C79DC279FC72CFC298B991FB2999BA2FB515BDE4FA194273695BC352258F6421B54D74C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........;)...6.......9...+...'...+...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...+...B.......X.......X.......X.......X.......X.......X...)...6.......D....tostring.oem_recovery_v2_disabled0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WA_INSTALL3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL4*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_ACTIVATION0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_EXPIRY.*ShowSearchSettings.GetOption.settings.R.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlery.......6...'...B...4...7...6...3...=...6...2...L.....new.SAMRecoverable.analyticstelemetry.context.ContextHandler.require...//47798BE70729F8A1EEFD6036B941C76072E7D2AA74B9DCBE45CA772C9271F8D22A1E1777B9CF55BC242E1D326BD02269E8BE9330CEEC96BA9DB8708760A46ADA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\sequencenumber.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):520
                                                                                                                                                                          Entropy (8bit):5.460800424784102
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6bkleqAuDPPVIVJn1qW9icHJXOefoij4MDrWjJWJJKfmKB+3kEkjN0Zru:6AeqBcn1qW9icp+egTMvWjJ1fWqN+K
                                                                                                                                                                          MD5:8CED50C7DCF9AF1463B742D73D307648
                                                                                                                                                                          SHA1:BC506813F7FDB583A34A6C3F64EB7ED5B2FB09E7
                                                                                                                                                                          SHA-256:81B816CE3A963016ED31CFFBCE98258125EA7ECC81528770241D70636DEB564E
                                                                                                                                                                          SHA-512:8F5BB331E06EC06C3C31FD8BB8203436A47C48C8261B470A5665FD83E121F88DFCD1AB4FCD91D8B16B76D95BA2A3627EE8F91BE86FBF072B30E103B2A4F43C2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6.......9...+...'...+...B.......X...'...L...6.......9...+...'...)...B...6.......D....tostring context_product_sequence_id.0.*AnalyticsSequencingOn.GetOption.settings.R.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlery.......6...'...B...4...7...6...3...=...6...2...L.....new.SequenceNumber.analyticstelemetry.context.ContextHandler.require...//7ED560EC7ED4140568726798C41191271970B2B3A2CA8082D40711DC7A015F3B538C0B6F25B9D40CE2CEC10A9B37B6639B9D5832AF7B155D762D9893E9091CFA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\smarttoasting.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):972
                                                                                                                                                                          Entropy (8bit):5.4279273266494865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6XWL2ZIiFTncarkwIRwVxneUsqPGGIhOBf49WMmlUJ1pA8GW:WWL+IiFTcarkwIRwVxneUsvGIhM49z7D
                                                                                                                                                                          MD5:43926FBC1D75C72914DC526D8A1F4E5D
                                                                                                                                                                          SHA1:BB85D6E30D1A49B8E7F657700648F25629C86B5C
                                                                                                                                                                          SHA-256:E4B140B78FACE5B057234BA67C5814DB152C69B989C63D4C21186CEA4514F84A
                                                                                                                                                                          SHA-512:100A67368B18A0A4196502C0F76A30CA010D673CE0411D308387F096FF00E16F5DD7484ED9F76DE1D1513E1E74C132BF87FE3C0F28E3EDA87A3D70B5F375CEB4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........../5...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6...6...9.......B...C....encode.json_parser.tostring.ml_model_version!smart_toast_ml_model_version.ml_iteration_version.smart_toast_ml_iteration.selected_config_id.smart_toast_config_id.api_configuration_version&smart_toast_server_config_version!client_configuration_version....api_configuration_version..ml_model_version..ml_iteration_version.!client_configuration_version..selected_config_id..unknown&smart_toast_client_config_version.GetOption.settingsR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlerx.......6...'...B...4...7...6...3...=...6...2...L.....new.SmartToasting.analyticstelemetry.context.ContextHandler.require...//618E7BA1E3117C447104D23D8FEEF00B82E662888D67C182F0CE87C845271F7EECE0EAF31D15FB2B2723CD066FE2F2593527F4AC9516E7A093E00A95C77A10F7++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionexpirydate.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):594
                                                                                                                                                                          Entropy (8bit):5.596923483315471
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6uPWQZbCntmkkkkkaTzorpsV4M7RIJ+K0Ng2Lh085pBVz:6uP9bCngkkkkkNreKMqJ10S8Lb
                                                                                                                                                                          MD5:80BCA5731A602CD79F2A2DA337402C96
                                                                                                                                                                          SHA1:130DFB22FC0C0A3BB981F4CF528DF4D90121BC7A
                                                                                                                                                                          SHA-256:61634B00689F0416EBD55AE68997674C381861926B9DB90926D6CBD01950DAF5
                                                                                                                                                                          SHA-512:F26F763964B0E3E74F52326706F916FAD17FCA17EAC36AF50EC2917B2775FCFF04C047ED156E61D4E0720ED4A76138016A1DE6322781AF77C219F08CA8D04166
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........&-...9.......9...'.......&...B.......6...9.......'...B.......X...6...9.......)...)...B...'...6...9.......)...)...B...'...6...9.......)...)...B...&...L......-.sub.^(%d%d%d%d%d%d%d%d).find.string+SubscriptionExpiryDate: input date is .info.m_loggerI.......6...9...........B...3...=...2...L.....format_output.new.WSSSetting}.......6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionExpiryDate*analyticstelemetry.context.WSSSetting.require...//08BBB25746BEDB8D6E20EBEC76AE08313EB9543AFD946830A86CF53D60A442475667B8EA9B4382B231C7DE19146F7BA5E838F75C9E6B65A483088B3AE6E505BE++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionstatus.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1106
                                                                                                                                                                          Entropy (8bit):5.524719903516146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:68K9YrN+Iuz8iWm4CDopXVXHLhN8FlKCzqWb2lLzJJvUJ1o1poO:FKuN+sppLhN87KCz52lLFJ8JGvT
                                                                                                                                                                          MD5:C9DAF06D7876220352BAEF73C942A405
                                                                                                                                                                          SHA1:8BCF45E754780188F7556A89DF5E3C5292FA7804
                                                                                                                                                                          SHA-256:25D5A6478B95AA2812B5B71D0B829B8DD60F04F916E540C3B637DA0BB5498F31
                                                                                                                                                                          SHA-512:52CC2B5E59325CC9B4134AFE2C91B53F3D7404671891613527990F70B7D4EAA706089FF36C3D25102A36DE3CBF22FA426095266ED1C47396AC0690C3156470F2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........J).......X.......X...6...9.......B.......X...6...9.......'...B.......X...)...L...6...6...9.......)...)...B...A...).......X...)...L...6...6...9.......)...)...B...A...).......X...).......X...)...L...6...6...9.......)...)...B...A...).......X...).......X...)...L...6...9...5...=...=...=...B.......L....day.month.year....hour...day..month..year..time.os.sub.tonumber.%d+.match.len.string..4.......6...9...6...9...'...B...C....!*t.date.time.os.........-...9...'...'...B.......X.......X.......X...L...-.......B...).......X...'...L...-...B...'.......X...'...X...'...L..........expired.active..INVALID_DATE.UNSPECIFIED.NO_APP.NO_SUITE.settings.vso.get_sub_db_setting{.......6...9...........B...6...9...........B...3...3...3...=...2...L.....get_context_string...WSSSetting.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionStatus*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//B23AB20321960D98689F7675

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptiontype.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):538
                                                                                                                                                                          Entropy (8bit):5.533769534729744
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6xnSlRXZQXFcg89rg0lr7JJvUJWJJK8IR6PiiVH6Wkdh:6M1aOPDlnJJvUJ1WiuHg
                                                                                                                                                                          MD5:C95DAAEA59951DE6DA7198F68FADF0DF
                                                                                                                                                                          SHA1:76C384BF454AB2196AD781D7ED581611218083FF
                                                                                                                                                                          SHA-256:A03587A466C47394325A3AE0EA6564B6EE7781ACDA52DBFB10FDD27F24B15596
                                                                                                                                                                          SHA-512:BFEE79901D005E04839174ECAB6C70CBDA02235A403D9261D6C3E59114028FC5A9D9CB04FC15D7A40A5F8E4167DDBDEFB6C595F8C06B2742688E96D6783AD0D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..l.......-...9...'...'...B...'.......X...'...X.......X...'...L......paid.0.1.free.trial.vso.get_sub_db_settingq.......6...9...........B...6...9...........B...3...=...2...L.....get_context_string.WSSSetting.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionType*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//11EF221A65A8089498DFA65ABA8462CA418FBA7BD92C7F7DB9F4579FA226B34A88F3ED0E7EF1811D41C3BC7BAF0C60E4040249C986F94027FC1851E720355E7F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\suitestatus.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):857
                                                                                                                                                                          Entropy (8bit):5.605404148897678
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6K2KHgolfJ+6HmReFYfaHSSTXy6/ynul82t/CCGfOzmik2lrDQxL30GJWJJKyudf:6LSgolbGXSPyKOq8s/le2l4xAGJ1O2jP
                                                                                                                                                                          MD5:603393BD8D0BCB5264BB142C09E4B0C4
                                                                                                                                                                          SHA1:B5F29709DEA7649807C5865F272A4274B4874E77
                                                                                                                                                                          SHA-256:16EC82174D4D3681E3D9CF35193DAA0CEC0AF6E78CDC70C068D66D8CE160A6FE
                                                                                                                                                                          SHA-512:AA716B29E1BA8079F3F281CF4DDF60D043CE8F6E138CBB839C655FAF401E004F63D5F6C93D15B177B0CAED4C47356614CB8512EFC9ECB2DDB4AD7BE366A962A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........&)...6...9...9...'...'...)...*...B.......9...B.......X.......6.......9...+...'...+...B.......X.......6.......9...+...'...+...B.......X.......6.......D....tostring.*Freemium.*Orphaned.GetOption.settings.IsValid5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core......Y.......-...9...B...6.......B...........X...+...L...+...L......tonumber.get_suite_status..&.......-...9...D......get_suite_status.........6...9...........B...3...=...3...=...3...=...2...L.....get_context_string..is_suite_installed..get_suite_status.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SuiteStatus.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//D62E179CA9F974ADA822EE17391FDFE2DB517C1F6813ECF1706058473BD8BFE9177D7862D5EF6109598C14026F7F41E96B0C820F28150A65432AEBBC84D4DF05++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionexpirydate.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):472
                                                                                                                                                                          Entropy (8bit):5.5653649919561845
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6YkglNLnYklpsvcRu3U4M4rJ0NRu3pKFDHWlXb8h:6JglN7YkleZ35MSJ0NRu3k2oh
                                                                                                                                                                          MD5:2A3473A5C4CFEF019E934480007F9F20
                                                                                                                                                                          SHA1:9ADB42E46C3773630526AF9445E9997334D47CC1
                                                                                                                                                                          SHA-256:44468A6FFE1B3EC0B7675294A5FDF0B46A53602E3F8961A04A4EA2D63F2BE4D7
                                                                                                                                                                          SHA-512:BDCB4828078FAF8D7E7F2411D76F2C251B99F7D7B71034DADA31AD77F7E9B0CBA26F59BD6AF79E8C1C9F944D1A766507E083422EFB50F8E2324B86FDD403E356
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..m.......6...9.......'...B.......X...6...9.......)...)...B.......L....sub.^(%d%d%d%d)-(%d%d)-(%d%d).find.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionExpiryDate3analyticstelemetry.context.AnalyticsWPSSetting.require...//87D046D26C7DAED16B25681CBE5E60A60A7DDF56F91176923720189008293AF6DA7AFDD1C98C84758AC2BE8E2111149CF7F32E06244607B383081B978BF56970++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionstatus.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):582
                                                                                                                                                                          Entropy (8bit):5.585042877052748
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:67k+e+rvD2xZBzroBWpsvcRu3I4Mv1J0NRu3pKWTdhA2qTC:6hVvD+ZB4BWeZ3NMv1J0NRu3kGqTC
                                                                                                                                                                          MD5:ABB076906A20B54903AB7E03979D0F29
                                                                                                                                                                          SHA1:6E288784662F4CAB02DF225899EF261B89035F0A
                                                                                                                                                                          SHA-256:AAD6C1E611CDFE275D8D708ABBACE0B1F6FEB4F6FA6E509AEFF4B7D6D5C610A8
                                                                                                                                                                          SHA-512:B86497766AA7E4C4EDAABFCCA612DB2C32C19908D0F22467F337F1365F310A2B6059EAB979298F0EF9D332E44B8B169E69D490EA5F33371552DDF2B307D57D6F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...............X...L...6...9.......B...5...5...6.......B...X.......X...'...L...E...R...6.......B...X.......X...'...L...E...R...L....expired.active.ipairs.....trial-expired.paid-expired.....trial-active.paid-active.lower.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionStatus3analyticstelemetry.context.AnalyticsWPSSetting.require...//3EDABBBFF1370903FE86FBF74ED65B089A8ADCA584AD7ABA40788E4DF778A1DB9BBB5BFEBC323BBED49CFD3C03BBBD003EF9B5A00DCE710E742D4D8BF0CFE72D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):576
                                                                                                                                                                          Entropy (8bit):5.590487718848391
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6/kx+rvDcoK29ppsvcRu3m4M2YJJJ0NRu3pKcYipivfRCxQQ8Au3:6/kmvDdPpeZ3XM2WJJ0NRu3kcY+YfRCM
                                                                                                                                                                          MD5:42521526124AA6D77D4115EBA907F000
                                                                                                                                                                          SHA1:3BA7CA231758D4174A709250DD6506C257C85CDB
                                                                                                                                                                          SHA-256:4A4B8E1A965CE846A3A9E69F03DF45AC99BE319C1A7612BAD86AB6FB18198399
                                                                                                                                                                          SHA-512:64A644A236232E02DC903293A490E649766C28615FE8A27BE9BD7BBCB2026BA64D7826292D3A226359D97C7F0E7944B99888848DFFFDA3EC2A02B00098B15DF3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...............X...L...6...9.......B...5...5...6.......B...X.......X...'...L...E...R...6.......B...X.......X...'...L...E...R...L....paid.trial.ipairs.....paid-active.paid-expired.....trial-active.trial-expired.lower.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionType3analyticstelemetry.context.AnalyticsWPSSetting.require...//BDE5DC05FE6A42D5F6E58E62E92580FCC150A2A8517874E86447691279B3B88A7F242E05CEE69EB6C73ACEFFB87B3F0F8F123456A87A8F5655E54E0EDCA5EA79++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wsssetting.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1244
                                                                                                                                                                          Entropy (8bit):5.804731252510459
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6x6wckmg85AjHwRf8FlNXqzngq4YlP+rYWbemAENhRVtBmwJMUJmT0LhcYF:Y6wK5AzCU7ZuglvAElVtBmw+UJTLf
                                                                                                                                                                          MD5:75D07C1C909A665D1A5C343A51F969DE
                                                                                                                                                                          SHA1:45F38DCAB0450BD6CB84CDAA0CB9A0AFCB043BFF
                                                                                                                                                                          SHA-256:4A79D42E9FAE445195459A33DD27365EE3A1B282E6C8902EF86B0FD5060439F5
                                                                                                                                                                          SHA-512:AA3012D30C588FFDEF10B9D64E715A9C878DD1B01075AACFDB71690C30380D6A76615D329B2B9F08D51E4A3CF46E4B179B4E0640041B1D5918E83D3ECE75CEBB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........L...........='...-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...L...-...9...9...9...B.......X.......X.......X.......X...9.......X...9.......X...6.......9.......B...........X...-...9.......9...'...B.......-...9.......B.......6.......D......tostring.format_output?MD5 function incorrectly hashed data. Using default value..MD5Hash.utility.MD5.hash_id.UNSPECIFIED.NO_APP.NO_SUITE.get_sub_db_setting>Invalid configuration for the WSSSetting context handler..err.m_logger.property_name.db_name.get_context_config.UNKNOWN........('...-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L...6.......9...........B.......X.......X...'...X...6.......B.......L......tostring.UNSPECIFIED.GetProperty.subdb.NO_APP.IsValid#SOFTWARE\McAfee\MSC\SubManager.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed.............6...9...........B...3...=...3...=...3...=...2...L.....get_sub_db_setting..get_context_string..format_output.new.SuiteStatusr.....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wssversion.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):644
                                                                                                                                                                          Entropy (8bit):5.652130140454056
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6Ox2oFtgLNzzPYXxFvO/cQTlr7A01JzKYAGMGuqi:6ZoFeLhzPQxFczTlZ1JmRini
                                                                                                                                                                          MD5:53D0C97359B37EBD03D53099EABA7518
                                                                                                                                                                          SHA1:B0C3CD4892A4414F3D628055EA9CB53101ED8AB3
                                                                                                                                                                          SHA-256:2FE36EB967BA08195BD1CD26194CA3897CB95CACBE5BCFAF619E253B934CD3B6
                                                                                                                                                                          SHA-512:4ED75E085631D7CA1EE647F7D21D7BF0C79BA0CE8F284AEAE11F484323BF9A36A201007D1487257D8DAFBC7930BFD89A9AECBDCF47BC791EA6814616B849EA5F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........#-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L.......9...'...B.......X.......X...'...L...6.......D......tostring..ReleaseName.QueryValue.no_ver.IsValid.SOFTWARE\McAfee\MSC.HKLM.Registry.Win32.core.no_suite.is_suite_installed...O.......6...9...........B...3...=...2...L.....get_context_string.new.SuiteStatus.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.WSSVersion.mfw.core.Win32Helper+analyticstelemetry.context.SuiteStatus.require...//E1AB425AC221CB94D9BE0A4D5DD6E5564817DC3184E7E5D97497B00335F5E9C95AF28F59D56F465C7D1E20C580344EF0EE8687F7379A9917A5D5417545DC946C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventhandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2311
                                                                                                                                                                          Entropy (8bit):5.607016714665769
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:mkeaI12J4DXRBQJwyXJ/eJVMTbzscly3AZEhV6oEkiJAOtX2ihZFZ:m3BdrQtXdeyrscw3FV6oEkyAOtX2sZFZ
                                                                                                                                                                          MD5:D5B01276FA721A4744C79F1D7990B0E0
                                                                                                                                                                          SHA1:F97234C015E996E46B7263F6480AA52A5F25CCA0
                                                                                                                                                                          SHA-256:FCD95A9124D220F8ACCBC16F89128B68459E2F43101F3FD3C524EB476C570698
                                                                                                                                                                          SHA-512:F41FBA96C32246080BE584CC846A49D7AA1061EBB9023E4E1BA18B7A9B501D7F2AD07A0889F4C7915AAB2BD9EF7B7AAA9D6764901A75F44A1C54A11C9AF8A3A4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........'...6.......9...+...'...'...B...........9...'...'...B.......6...9.......'...B...X.......X...+...L...E...R...+...L....([^,]+).gmatch.string.%s+.gsub.analytics_deny_list.GetOption.settings.........M6...9.......9...'...B...6...'...B...6...9.......9...'...B...6...9...B...H.7.-...9.......9...'.......&...B.......X.%.9.......X.".9.......X...6...'...9...&...B.......X...9...-...9.......B...9...B...6.......9...+...9.......B...X...-...9.......9...'...9...&...B...X...-...9.......9...'.......&...B...F...R...K.....4Invalid configuration supplied for the context #Nil handler found for handler .err.SetOption.settings.get_context_string.new analyticstelemetry.context..setting.handler.Processing context .m_logger.contexts.pairsgIn AnalyticsEventHandler's process_context_attributes before for .. pairs(context_config.contexts)6analyticstelemetry.context.analyticscontextconfig.require:In AnalyticsEventHandler's process_context_attributes.info.log.core........-...L.................K...........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventsconfig.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8124
                                                                                                                                                                          Entropy (8bit):5.407648093940651
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:74/aZONpo7az5gqKcgF9D5aVF2Jl+PLIO:74CupGaz5gqKcgfD5aV0Jl+Dz
                                                                                                                                                                          MD5:0434B934FA55C30022B59F58EE0FA261
                                                                                                                                                                          SHA1:D5A6C5F4A0C729EFE9D9812F3FAC4307C751443F
                                                                                                                                                                          SHA-256:789EF271CAD1744AF73D7267B78B957A6FCF354FFC09ED9059C870BA702992B6
                                                                                                                                                                          SHA-512:486C385DAC6402E25E5C78BC635F8EE7064972F06E031185111F14A393C736C41CD21A422D14C74F0D0AC42DBC70FBB1EE916824F3E27AE433C993D309D9E218
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...>.........5...5...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...5...=...4...5. .>...=.!.=.".5.#.5.$.=...4...5.%.>...5.&.>...5.'.>...=.!.=.(.5.).5.*.=...4...5.+.>...=.!.=.,.5.-.=...5./.=.0.5.1.=.2.5.3.=.4.5.5.=.6.5.7.5.8.=...4...5.9.>...5.:.>...5.;.>...=.!.=.<.5.=.=.>.5.?.=.@.5.A.5.B.=...4...5.C.>...5.D.>...5.E.>...5.F.>...=.!.=.G.5.H.5.I.=...4...5.J.>...5.K.>...5.L.>...=.!.=.M.5.N.5.O.=...=.P.5.Q.5.R.=...4...5.S.>...=.!.=.T.5.U.=.V.5.W.=.X.5.Y.=.Z.5.[.=.\.5.].=.^.5._.5.`.=...4...5.a.>...=.!.=.b.5.c.5.d.=...4...5.e.>...=.!.=.f.5.g.=.h.5.i.=.j.5.k.=.l.5.m.=.n.5.o.=.p.5.q.=.r.5.s.=.t.5.u.5.v.=.w.5.x.=.y.=.z.5.{.=.|.5.}.=.~.5...=...5...=...5...=...5...=...5...=...5...5...=...4...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...=.!.=...5...=...5...=...5...=...5...=...=...7...6...L....events_config.events...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticshandleonnavigate.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):439
                                                                                                                                                                          Entropy (8bit):5.430304555816182
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6IWlL3uknxUyPpPD4M9CCDiEiMJsYJJKq43JCO:6bL3uu3P6M9HDiEvJsP7n
                                                                                                                                                                          MD5:A24DC4B2C5942DDFBC216372AD3005EE
                                                                                                                                                                          SHA1:742ED4AB2A4F4BA5E0D173913131DB32E63B7A01
                                                                                                                                                                          SHA-256:42046CA4BCC5A3C9AE63CB3C0FAED0B285FD2E451313EDD6B54B8D7763BC58FC
                                                                                                                                                                          SHA-512:2FB594DEFD2F4E6BC182CA1EDB743625B4A0DD9F57777F74937A72BFD15A4755E4DFE4B9F6CB314CFDAE4836A3870FF8F9FFD8CE2E8A4D0CD28416CCE7CAA27D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..>.......6...'...D...)handle_on_navigation not implemented.error_.......6...9...............B...3...=...2...L.....handle_on_navigation.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.AnalyticsHandleOnNavigate4analyticstelemetry.events.AnalyticsEventHandler.require...//DAE8FB8DBFC7B08C4AA8C548C3A9DE382C3ACD00B3123B98F6787D3A2922AA2039919A250A062B7EA31E7B15728BAB2E825DB50A3B3EAC834C99EF7E5858A0AD++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticstelemetryhandler.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2050
                                                                                                                                                                          Entropy (8bit):5.674368122563602
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3K1O3RnzJe0E/+dvxd4xzyA9JG0JbXS9mf+ZS9oFGtQt6MjG+VkJLrTmHC:Vex/0+fRiYd+QFuk1faC
                                                                                                                                                                          MD5:1543285A5B33D0EABD10FC958BDE7136
                                                                                                                                                                          SHA1:F455B99AE46422FF116AE192EB2364491CD7CC35
                                                                                                                                                                          SHA-256:0C8E7B105016154A353432AD17B4D0F97A6AC67B4B10D47D636AD3135D07DA31
                                                                                                                                                                          SHA-512:314F2A4FBF80C2A6CC26802DA05939F8037126F99F43F22152C98BC676493F37281CCD09C7F7088F2AEBC89183AEA08B8395336BA4D70764BEF27EBD64A76F64
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........66...9...8.......X...8...L.......9...'...B.......X.......9...'...B.......X...'.......&...6.......9.......'...B.......X.......X...+...<...L...6...9...)...B...'...6.......B...&...6.......9...)...9...9.......B...+...L....currentline.short_src.Log.utility.tostring%Failed to load package. Error: .getinfo.debug..include.external.mfw..^core%..^mfw%..find.loaded.package......!...6...9.......9...'...B...6...9.......X...6.......X...6.......X...6...9...)...B...'...6.......9...)...9...9.......B...)...L.......X.......X...6...9.......9...'...B...)...L...6...9.......9...'.......&...B...6...9.......)...+...B.......X...6...9.......9...'.......'.......&...B...)...L.......X...9.......X...6...9.......9...'...B...)...L...6...9...9...8.......X...6...9.......9...'...9...&...B...)...L...9.......X...6...9.......9...'...9...&...B...)...L...6...'...9...&...B.......X...6...9.......9...'...9...'...9...&...B...)...L...9...6...9...........B...9...B.......X...6...9.......9...'. .9...&...B...)...L...)...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\blockpage.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2153
                                                                                                                                                                          Entropy (8bit):5.703014440133593
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Oe7guhyIJ6flj14j6Q6ARRhQ00MuhXuS5g+i3BJ0sPJQ7:Oe1FqjWbdRRC0ns3di330sPM
                                                                                                                                                                          MD5:056744ECEA4B7360AC01351866B61C3D
                                                                                                                                                                          SHA1:A7950CE3BE6118E33697ED22C95D6DA6C69A0143
                                                                                                                                                                          SHA-256:C89C6258D669F50DB8E95D66EA26DC66A90CFB2464ACD8D77D785A325DA1DED3
                                                                                                                                                                          SHA-512:2592AF53E62D260127EFAB58505DD500D3BFB9C8CF81C2AB244F74A37087119E061B134BC58D230CE3CD526AB8B7041C4BDEEF4D1A88793323A476AD2185FAFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6.......9...+...'...)...B.......6.......9...+...'.......D....SetOptionInt"*AnalyticsCounterPagesBlocked.GetOption.settings.........%+...6.......9...+...'...+...B...........X...+...L...9.......X...9.......X...6.......9...'...D...X...9.......X...6.......9...'...D...X...+...L...K....msad.ads.blocked.Frame.msad.sites.blocked.PublishMessage.wssEventSender.Top.level.Typosquatting._event_name.*AnalyticsSendWss.GetOption.settings......).|-...9...B.......X...-...9.......9...'...B...+...L...9.......X...-...B.......X...-...9.......9...'...B...-...-...B.......X...-...9.......9...'...B...9.......X.(.'...=...9.......X...'...=...9.......X...'...=...9.......X...'...=...9.......X...'...=...X...'...=...9.......X...'...=...X...9.......X...'...=...X...'...=...X...'...=...'...=...9.......X...'...=...X...'...=...5...9...=...9...=...9...=...9...=. .9...=...9.......X...9...=.!.9...=.".9...=.#.9.%.....X...'.&.=.$.-...9.'.....B...-...9.(.D............transmit_analytics_event.set_analytics_event.de

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\browsernavigate.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2034
                                                                                                                                                                          Entropy (8bit):5.619001010095783
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UsDTHkRkQtT4vdeR6oJdULzkDeJe7gujLMsHiKfJJ5MJ30cbJfF7n:Us/HVQh4vyALzkDme1j/C0JJ5A30cbJZ
                                                                                                                                                                          MD5:1F53FFA42A301E65B399C0021AC9D85F
                                                                                                                                                                          SHA1:A8090738A676C7563964690F4A3A92F66CD42B8C
                                                                                                                                                                          SHA-256:3B22238152C23349CA96AF7105650CB6DEC67C683DF8BF2C26CAC0C5385F61C2
                                                                                                                                                                          SHA-512:FF2995B57460E6F3DD0F3532DB3C808930B09D020A7C3F906B3F629C95FD8B11A10805135A33C9B820F8183CB7E72DF9886CFD64688866F7A7B984639751E8FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........*6...9.......9...'...B...-...9...B.......X...-...9.......9...'.......'...9...&...B...+...L...9...-...9...........B...9...B.......X...-...9.......9...'.......&...B...L.....'Failed to handle analytics event: .handle_on_navigation.new.handler. Handler: BBrowser Navigate handler does not exist for analytics event: .err.m_logger.get_analytics_eventIIn Analytics BrowserNavigate Handler's process_registration function.info.log.core........06...9.......9...'...B...6.......X...-...9.......X...-...9.......9...'...B...K...6...6...9...B...H...+...9.......X...6...'...9...&...B...........X...9.......X...-...5...=...=...<...F...R...K........config....handler..config..handle_on_navigation.analyticstelemetry.events..require.handler.events.pairseA global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.g_analytics_configSIn Analytics BrowserNavigate Handler's build_navigation_registrations function.info.log.core.........6.......9...+...'..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\commonlogicloader.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1419
                                                                                                                                                                          Entropy (8bit):5.79482391332802
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6NpCk+enQBwRdS0ZSF2j5G6n8VGLoL9m/eB+kJRiuWeTSKUZSFgT46A3zh6fTZ2m:qCvenawRdS0ZSw1F8VGLZGB+2CKUZSmd
                                                                                                                                                                          MD5:24079788DC3C924FD3BFE6C5724F4E81
                                                                                                                                                                          SHA1:C6AE7F3E466866CA55B4610BBFED214BE1810949
                                                                                                                                                                          SHA-256:0FB28CBFCE9A25007E85E54CD839D6195EFE3FD91D431BA70C53C9B281087186
                                                                                                                                                                          SHA-512:7C27B87E24696E2AF8115DE2B4E0ADF4B13771A534C125A0AABDCCBD56DCF017C9E6A69CDF636B21804EAFBCA47CEBAE19296538632D608BC6D0C4938869C00F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package.........6...9.......9...'...B...5...'...6.......B...X...6...6...........B...E...R...K....requireFromLogic.pcall.ipairs.\logic\.....MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.type_tag_utils=Inside Analytics's CommonLogicLoader's requireLogicFiles.info.log.core........]6...9.......9...'...B...'...6.......9...B.......&...6...9...'...)...B...6...9...'...B...6...9...9.......'...&.......B...9.......X.5.6...9...:...9...B...).......X.-.U.+.....9...'...'...B...6...9.......9...'...........&...B...6...6...........B.......X...6...9.......9.......B...6...9...9...........B...........X...6...9...:...9...B.......X...X...6...9.......9...'...B...K....loadSSProvidersCode end.FindNextFile.err.requireFromLogic.pcall.Loading script: ...luc.gsub.cFileName.string.handle.*.luc.FindFirstFile.Win32.WIN32_FIND_DATA[1].n

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailycounters.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2671
                                                                                                                                                                          Entropy (8bit):5.863752214121039
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Nv/cUjFEmVSJhJ2TqHsZHNJGoXWpFs9hEi20hjXVFOI0B2gzZ9i5JEpJmhL:Np2h4TqH4zGRpKTbj/Vga/EpK
                                                                                                                                                                          MD5:5C8DF7C70B138ECB45611F1C99CDF879
                                                                                                                                                                          SHA1:0B37D4EA4E269D4959BC81A3115E348A4D5627B5
                                                                                                                                                                          SHA-256:83FF1310D76F529F9BC6512E29F75F27B191026342E0CAAB35656404532F8072
                                                                                                                                                                          SHA-512:0994475671831EF29CBB77A8757E5B8005699C9D94B20616C4C243D3D5365B424EE707316269D6C9645E2A5D9D6D1FB9A07A1FC82DB80F89D784E03B80B9B963
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........d6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...-...9...B...+...)...'.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9...9.......X...9.......X...+...9.......X...6...9...B.......6.......9...........'...9...'...6...9...9...B...&.......B.......6.......9...........'...9...'...6...9...9...B...&.......B...+...L......SetOption.lower.string._.GetOption.settings.tonumber.default_no_value.in_context.prefixQAnalytics Daily counters handler called with an invalid event configuration..Analytics_DailyCounters.get_analytics_configBAnalytics Daily Counters handler was passed an invalid event..err.m_logger.triggerType.browser.get_analytics_event;Inside Analytics Daily Counters handle_analytics_event.info.log.core.......%...6...9.......9...'...B...-...9...B...+...)...+...'...5.......X...9.......X...9.......X...9.......X...9...........X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailyping.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2592
                                                                                                                                                                          Entropy (8bit):5.570588287292458
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:q8RJ0a2Qh6wIHQB9NoCZJdxrLz+vFBLRN9Wh2h9lSeXXfRzjF3JKRjd+PJlOJ6yY:q8/AQh6+LNJZZLz+9dpSe/pjfKPKlO0Z
                                                                                                                                                                          MD5:5BCB480176060509A8F25D89458128DB
                                                                                                                                                                          SHA1:6277D5A16C6BAF28724AF14B30C799E9B8882115
                                                                                                                                                                          SHA-256:91487D6FA7401AAF7D639FE3D19E12C7E82C8E2093BF42E4517CB6056D62CCDF
                                                                                                                                                                          SHA-512:98EF1BDC00E6193E375C9A83CACF10597C19C3F9F82C8E256ADFD1287A845ED03CC967AA8B2BE4084D254CCA30BA86D2637B1EEE3C538B5AB2F73042DA3606D1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........(-...9...B.......X...-...9.......9...'.......'...9...&...B...+...L...5...9...-...9...........B...9.......B...-...<.......X...-...9.......9...'.......&...B...L.......XTelemetry 3.0. Daily Ping's process_registration failed to handle analytics event: .send_on_ping.new....metric_value..extra..handler. Handler: CTelemetry 3.0. Send on ping handler does not exist for event: .err.m_logger.get_analytics_event.........4...6...-...B...H.......X...9.......X...9.......X...9...8.......X...9...9...<...F...R...L......metric_value.ping_metric_id.pairs.........6.......X...6...9.......X...-...9.......X...-...9.......9...'...B...K...6...6...9...B...H...+...9.......X...6...'...9...&...B...........X...9.......X...-...5...=...=...<...F...R...K........config....config..handler..send_on_ping.analyticstelemetry.events..require.handler.pairstTelemetry 3.0. A global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.events.g_analytics_config........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowsernavigationcount.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1145
                                                                                                                                                                          Entropy (8bit):5.896058509059003
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6UUM9qnTXtfq2BeVhrhjClvVvgP0VvAqScukUJdI3GgVv+vJ/vJ5508Ht+z:TOHEVhMEAAqSDdc3vcJXJAzz
                                                                                                                                                                          MD5:C9C350BDA2597A50FA2AB170BA780E5A
                                                                                                                                                                          SHA1:7DDF190329C5C549B85D8FB961B887B32CBF32F8
                                                                                                                                                                          SHA-256:53BE02E74F7E94C261A4EAE6FCA5D0F42FA33E32CAD5B1E1DF80BA533B9E012C
                                                                                                                                                                          SHA-512:30FB4B8042CF5C14BB1AF8DA2C6F18C75D5A044162778708A9D2FFF8F939B67FDC32FDE768BADE2C234B333653A1A702229963A7E9F22854730C4423E01BDC41
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........?6...9.......9...'...B...-...9...B.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...4...6...-...B...H...6.......9...+...6.......&...)...B...<...6.......9...+...6.......&...)...B...F...R...9...=...6...6...9.......B...A...=...+...L........encode.json_parser.tostring.metric_value.ping_metric_id.SetOptionInt4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX.GetOption.settings.pairs\Analytics DailyPingBrowserNavigationCount handler called with an invalid configuration..err.m_logger.ping_label.get_analytics_config:Inside DailyPingBrowserNavigationCount's send on ping.info.log.core.........6...9...............B...'...7...5...3...=...2...L.....send_on_ping.....ch.ff.ed4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX+Analytics_BrowserNavigationCountToday_.new.SendOnPing.........6...'...B...6...'...B...5...7...6...3...=...6...2...L.....new$DailyPingBrowserNavigationCount....send_on_ping./analyticstelemetry.events.SettingsDBLookup)analyticstelemetry.events.SendOnPi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowserused.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1385
                                                                                                                                                                          Entropy (8bit):5.647811771424218
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6CelnIXFF/xolSVxjGJUkEdWyJYlvV3HVEguLuSE8GJV6vJ/vJ5H6hIm/Fch:70IXn8IGy6eHLucbJXJdy/k
                                                                                                                                                                          MD5:8254A852D48CCB91AEE447BA5358DC05
                                                                                                                                                                          SHA1:AEEE33315A653283EA929F68895580AF1885A47A
                                                                                                                                                                          SHA-256:DB505E7F28335D556C377DD845042C0D40B07538E6038D81C15CE3A8C8547073
                                                                                                                                                                          SHA-512:D561F92E71DEDD99B75B4FE1A0FB6E292C8F0B0A130B6FADDA947650ED246581F428CC5CB1FAFFCE72D25DA71CCC6F6F2FB07518D752F40D9776DA652208E2D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........'6...9.......9...'...B...6...9.......B.......5...7...6.......9...6...8...B.......X...6...9.......9...'.......&...B...+...L...-...9...+...-.......&...+...D........get_setting$Process is running for browser .IsProcessRunning.utility.browser_processes....ch.chrome.exe.ed.msedge.exe.ff.firefox.exe.lower.string9Inside DailyPingBrowserUsed's get_browser_used_today.info.log.coreD.......6.......9...+...-.......&...+...B...K......SetOption.settings........36...9.......9...'...B...-...9...B.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...4...6...-...B...H...-.......B...<...-.......B...F...R...9...=...6...6...9.......B...A...=...+...L............encode.json_parser.tostring.metric_value.ping_metric_id.pairsNAnalytics DailyPingBrowserUsed handler called with invalid configuration..err.m_logger.ping_label.get_analytics_config/Inside DailyPingBrowserUsed's send on ping.info.log.core.........6...9...............B...'...5...3...3...3...=...2...L.......send_on_ping....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingmetriccounter.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1533
                                                                                                                                                                          Entropy (8bit):5.591046055711385
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6qZ0GoJPeM2Q+ycfXlvVulvDJNn7IBTbWcB5f396BBqmkctcXlvV54SGXjuZwiJn:t0GoJWM2Q+yHJNnWbv96G1kSGa5JjFJ/
                                                                                                                                                                          MD5:5481A7F0DB5E38C2E0B4D487ADA34CFA
                                                                                                                                                                          SHA1:0BC321BD4CC8DC159967B5F522CDAD180EC648EE
                                                                                                                                                                          SHA-256:E30194B320783BEE0646634015D1A944380277765C1FB976374FAA19380C62B3
                                                                                                                                                                          SHA-512:AA4458E7D1A708F985CBB936296C600970F6F29AFECD0D36990B3C1617B25F40CDEDF5E3ED3EC8B34736DF4631FA912E3EC8D2BE4C9E80719F1A85F5B0F50A50
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........C-...9...B...+...)...6...9.......9...'...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9.......X...+...9.......X...6...9...B.......6.......9.......9.......B.......9.......X...9.......X...9...6.......9.......9.......D......SetOption.max_value.GetOption.settings.tonumber.default_no_value.in_contextSAnalytics DailyPingMetricCounter handler called with an invalid configuration..err.m_logger.setting_name.ping_metric_idAIn Analytics DailyPingMetricCounter's handle_analytics_event.info.log.core.get_analytics_config.........O-...9...B...+...)...+.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9.......X...+...9.......X...6...9...B.......9.......X...9.......X...+...6.......9.......9.......B...9.......X...9.......X...9...9...=...=.......X.......X...6.......9.......9.......D...X...+...L...K......SetOption.metric_value.max_value.GetOption.settings.reset_count.tonumber.default_no_value.in_co

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainmembership.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4617
                                                                                                                                                                          Entropy (8bit):5.830734673267187
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:GQEBjpEGPxKTKVUhwq6avqws1aoibd6IKloknBNlMveTGXryHeEnvxJwFvOcgQS6:GQOEGPxKTK6WaNs4Vd5Kl1bEdbREJWlH
                                                                                                                                                                          MD5:5675171C0D8D4695A4E2C75BF56D4487
                                                                                                                                                                          SHA1:CEA4EC1801BA52D8D31EDC3E3CE234CCBE09B169
                                                                                                                                                                          SHA-256:4DD4426315AA9B87979C7A1CC3355159D3A1539DDF65AFB8969BD4B01B4EB680
                                                                                                                                                                          SHA-512:866A19877D5EBEDF6CDF105C2839D3A245C852CDF536176D9DD26B8821D2A718BD4679E88D4B3777963A2DAC510F58EEB629D2CC7F3C0D728401BDF19434B30C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........5...=...=...=...L....hit_label_21.hit_label_20.hit_label_19....hit_label_21.._event_name.wa_domain_membership.hit_label_20..hit_label_19.^.......-...............B...9.......B...9...D......transmit_analytics_event.set_analytics_event........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........EAnalytics DomainMembership ver_to_send < ver_sent so not sendingEAnalytics DomainMembership ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings........<4...6...9.......B.......X...-.......9...'...6.......B...&...B...L...6.......B...X.$.6...9...........B.......X...-.......9...'.......'...6.......B...&...B...X...-...8.......X...'...5...=.......X...'...=...=...6...9...........B...E...R...L........insert.table.type.value..name....value..type..name..unknown.: .Error getti

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainnavigatedcounter.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3032
                                                                                                                                                                          Entropy (8bit):5.870910964820613
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:IWmazRGpYrvwvziT45n1y27j6F01AwQS0ZBdJgGlKqdA/kvUgZDf2jCHJJ1mjA:IU4pWczlN7jUQPQSggkKqdAIZDf2GHJN
                                                                                                                                                                          MD5:2C8911B3980EEF3A29CE473B4CD9217A
                                                                                                                                                                          SHA1:F139C36C58654B67B49CD9207A1899E40ABE0F57
                                                                                                                                                                          SHA-256:E3BC027E22AB082BD1331AF8527DB62369D72D573A7F33A3E0DC1F9B8654CEBD
                                                                                                                                                                          SHA-512:7DD6CF875534AAF205D9BE680734BDD50F4637FC8AE310877FB5730221DD92290359EEE0D1827684078308F6034639D3E7AEA25B1546749617FA27B19BB91E38
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..n.......6.......B...H...6...9.......9...B.......X...9...L...F...R...+...L....domain.urlMatch.match.string.pairs........+...L...........=-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...+...L...+...)...-...9...-...B.......X...+...L...6...9...-...'.......'...9...&...B...6.......9...............B.......6.......9...............B...+...L............SetOption.GetOption.settings._.lower.string^Analytics Domain Navigated Counter handler was supplied a malformed event for processing..err.url.browser.get_analytics_eventOEntering Analytics Domain Navigated Counter handler's handle_on_navigation.info.m_logger.........D-...9.......9...'...B...+...)...+...5...).......)...M.4.)...-.......)...M...6...9...-...'...-...8...9...'...8...&...B...6.......9...............B...).......X...5...-...8...9...=...8...=...=...-...9.......B...-...9...B.......X...6.......9...............B...O...O...+...L..........SetOption.transmit_analytics_event.set_analytics_event.hit_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\downloadscan.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1661
                                                                                                                                                                          Entropy (8bit):5.6353792956433075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:oeQDKesU4NION1YmRj2AZGrZ+8JHlDiJelgJxV:oeXeN4NpRRjY40dyeSJ
                                                                                                                                                                          MD5:A5EF78E0F756F9435BF466F4699494E2
                                                                                                                                                                          SHA1:222D52D9293B97166D3C30BC96DCCD76389029C4
                                                                                                                                                                          SHA-256:3104A3FCF530FA3503BCF18352E464716C6D461CA8BC44572EA0DBDD9DD34F6D
                                                                                                                                                                          SHA-512:7FD8FD52148917CF69E9E8974F20FF7C3575294B252383EBBD7AD7E0AD8F3C9F20C3913EAF4C1A77F3267EFCD8C28ACDC7E99EDF9FBBF72F0ABC83792E379F8C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..X.......6.......9...+...'...+...D...&*DownloadScanSendProcessTelemetry.GetOption.settingsU.......6.......9...+...'...+...D...#*DownloadScanSendFileTelemetry.GetOption.settings........7'...+...9.......X...9.......X...6.......9...'...B.......X.......L...X.$.9.......X...9.......X...'...6.......9...'...B.......X...6.......9...+.......)...B.......6.......9...+...........B.......X.......L...X...+...L...K....SetOptionInt.GetOption.settings.msad.files.blocked&*AnalyticsCounterDownloadsBlocked.Blocked.msad.files.safe.PublishMessage.wssEventSender.AcceptRisk.interaction_type.DownloadBlock.name..........B-...9...B.......X...-...9.......9...'...B...+...L...-.......B.......X...-...9.......9...'...B...9.......X...-...B.......X...'...=...9.......X...-...B.......X...'...=...4...9...=...9...=...9...=...9...=...9...=...9...=...9...=...9...=...-...9.......B...-...9...D............transmit_analytics_event.set_analytics_event.ui_type.hit_label_24.colour.hit_label_23.hit_label_22.hit_label_21.browser.h

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\heronerrorslog.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2427
                                                                                                                                                                          Entropy (8bit):5.734071337426371
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:6/W/iBelQ1lYQ0M7atJAaPpJ5JjWJHZF8ko8jVpPUmQrWDJXRgAn3JusvOi:jlQlAJHJSD8k9jWa1XSg3t
                                                                                                                                                                          MD5:A125C112C55E27E0FDDD2E541480EE53
                                                                                                                                                                          SHA1:5FC3996D4205DD73544E4FE80A1916AB3EC569D8
                                                                                                                                                                          SHA-256:FBD236FAB0A1A641C46DFCE6CB173491474A9CBD3173C77BC33509C115953886
                                                                                                                                                                          SHA-512:DA1F328764D4E4891463960CFDBD8710D01AC6698B43DD4A5D1AC9F1F2BAFAF50A7D25F111351CC47B6893CD554CAF741AFB8F216D28A3ADEAA2CB83CD399A61
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........#...6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......9...'...B...+...L...-...9...B.......X...-...9.......9...'...B...+...L...+...9.......X...9.......X...+...'...9.......X...9...6.......9...+...-...+...B.......X...-...9.......9...'...B...+...L...6.......9.......-.......B.......X.......X...'...X.......'...&...'...9.......X...'...9...'...&...'...9.......X...'...9...'...&...'...9.......X...'...9...'...&...'...9.......X...9.......X...9...'...9.......X...9...'...9.......X...9.......X...'...9...'...&...'.......'.......'.......'.......'.......'.......&.......'. .....'.!.&...6.......9.".....-.......B...+...L..........SetOption.}.{.,"metadata":.,"line_number":.,"error_code":.,"error_type":.,"function_name":."file_name":.metadata.error_code.".null.,.[-HeronErrorsLog heron telemetry disabled..GetOption.settings.default_no_value..in_contextGHeronErrorsLog handler called with an invalid event configuration..get_analytics_configPAnalyt

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\installedextensions.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1361
                                                                                                                                                                          Entropy (8bit):5.7222381194006
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6iagPrR/Jr3yCJOxTnZBCjsVudecYHfxQ6FF9K6FXyvjocu/yYXl3JB1J5ZzGBeN:hPrP3BsZBCjocBqK3joD/yYXbvJB
                                                                                                                                                                          MD5:9AC09FB2FE4AB5D79A8823E8E56C9BB4
                                                                                                                                                                          SHA1:F800A112729815F419DA876E0E87FC0DB50B0BBE
                                                                                                                                                                          SHA-256:C4A499FEA4EE42E78FFA0996B3DA2D6150023C4BCA326B7A9FE80D3B16906227
                                                                                                                                                                          SHA-512:B11CABF05F7AF0028475EE1BE4DF6597A9644DAA5ABDF0A8150DB8E18F6E224615D675D119E2B2A00B6369939476053978D1AAC8DC49EACE9B2CBB5B408D3356
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........+...L...........V-...9.......9...'...B...6.......9...+...-...)...B...6...-...B...H.B.6.......9...+...-.......&...)...B.......X...-...9.......9...'.......B...X./.6.......9.......B.......X...-...9.......9...'.......B...X. .-...9.......9...'.......'.......&...B...5...=...=...=...-...9.......B...-...9...B.......X...6.......9...+...-.......&.......B...F...R...K............SetOptionInt.transmit_analytics_event.set_analytics_event.hit_label_21.hit_label_20.hit_label_19....hit_label_21.._event_name.wa_installed_extensions.hit_label_20..hit_label_19.. is *extensions json payload for browser: ANil installed extensions payload so not sending for browser .get_extensions_info.browserSettings8Ver_to_send <= ver_sent so not sending for browser .pairs.GetOption.settingsHEntering Analytics InstalledExtensions event handler's send_on_ping.info.m_logger.........6...9...............B...'...'...5...3...=...3...=...2...L.....send_on_ping..handle_telemetry_event....CH...ED..1Analytics_Installed_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\lowsearchusertargeting.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3307
                                                                                                                                                                          Entropy (8bit):5.672005510352201
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:p9hLYo14yWoUDkcqroiepVs+5ahLiD70tWQrdkI1:9PTWoUDDXD7Kdl
                                                                                                                                                                          MD5:5A35BF4618BFCEAB37688CB5A8511FA3
                                                                                                                                                                          SHA1:62E09C8AC3C5A9603E0793A444DFE4A19B48B04C
                                                                                                                                                                          SHA-256:539F34F12F104A2B32CE52E9FBB3642BB0CD48E2F5598681EE9287215BD3CD60
                                                                                                                                                                          SHA-512:CCA0106170395258F6B1FAAF23BB2B9D6BE742391CD915124E25391B0E15580C41F4C0623B2C01E928D5FE7DF1D99B69705CAF2A9C1E877E7E2B4F775C3F17CD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........0...6...9.......9...'...B...'...6...6.......9...+...'...)...B...A...6...6.......9...+...'...)...B...A...6...9.......9...'.......'.......'.......&...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B...6.......9...+...'...+...B.......X...'...X.......X...'...6...9.......9...'...6.......B...'...6.......B...'.......&...B.......X...6.......9...+...'...)...B...6...9.......9...'...6.......B...&...B.......X...6.......9...+...'...)...B...6...9.......9...'...6.......B...&...B...6...6.......9...+...'...)...B...A...6...9.......9...'.......&...B...6...6.......9...+...'...+...B...A.......X...K...6.......B...6...9.......9...'...6.......B...&...B...6...6...9...'. .....B...A...6...9.......9...'.!.....&...B...5.".=.#.=.$.=.%.=.&.=.'.6...9.......9...'.(.B...-...9.).....B...6...9.......9...'.*.B...-...9.+.....B...6...9.......9...'.,.B.......6...9.......9...'.-.....&...B...6.......9...+...'.......B...6...9.......9...'./.B...K.....9send_low_search_user_targetting_telemetry() exitin

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\navigatedtoday.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1396
                                                                                                                                                                          Entropy (8bit):5.560263627552033
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6j+e/agXgQCWpI4M6JUhheWdJs1bWWSAJWIKY7jJw8JNHuuZJvJZHrRO2vJsKH4L:u+e/vPNMEUhhfdcb3VA7Y3Jw8JzZJv32
                                                                                                                                                                          MD5:B6555ECDDF3AE6C3F7207673E9DFEC54
                                                                                                                                                                          SHA1:601D2A773577A56E823BF13A2544F27DF122519E
                                                                                                                                                                          SHA-256:25C34EBF0EF869FE78E293563719F2C36C4DD4EB53EB7B2FD954E35D9C491F98
                                                                                                                                                                          SHA-512:26BD9959A208FDC9C8890B6B8FFE87B4CCBD92C9DE2295B4624D34EB437D4C52D2F36BB268FE37F1B7D9DC530B41B1645B984B241CAC220CB7D93FE6B6E46244
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........M6...9.......9...'...B...-...9...B.......X...9.......X...6...9.......9...'...B...+...L...6...9...9...B...7...6.......9...+...-...6...&...+...B.......X...6...9.......9...'...B...+...L...6.......9...+...-...6...&...)...B.......6.......9...+...-...6...&.......B.......X...6...9.......9...'...B...+...L...+...L.........aNavigatedToday Telemetry 3.0 handler unable to increment BrowserNavigationCountToday setting.SetOptionInt.GetOptionXNavigatedToday Telemetry 3.0 handler unable to set BrowserUsedToday setting to true.SetOption.settings.lower.stringXNavigatedToday Telemetry 3.0 handler was supplied a malformed event for processing..err.browser.get_analytics_eventAIn Analytics NavigatedToday Handler's handle_analytics_event.info.log.core..........6...9.......9...'...B...-...9...D......handle_analytics_event?In Analytics NavigatedToday Handler's handle_on_navigation.info.log.core.........6...9...............B...'...'...3...=...3...=...2...L.....handle_on_navigation..handle_analytics

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\pushnotification.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3033
                                                                                                                                                                          Entropy (8bit):5.6445036663431125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:REIVPXKEKVUIc7JExkuuajjtBjqb87lzXdM2LCkPTbxY4eSZrlMWuar7uLnU/XaM:REGPXKEKVUN8uoBjk8XMCCovbeK5MxnE
                                                                                                                                                                          MD5:CB3840772AA5D70D563B31E6E6D5BED4
                                                                                                                                                                          SHA1:FBC3D845B022E0A3E38DC01E832D11A2F813778B
                                                                                                                                                                          SHA-256:148F560CDC77D62088B201D549C866D488E6D7EBB0547CE1E7F4B46B777B5A13
                                                                                                                                                                          SHA-512:B8764F8C09DF899665060CA268BF630A00854F0A484D543FDC99AD7C0E36D4CFE1C48D178AFE0C5A851895396AD6050842274304CA2621A1D07B08420B109349
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........EAnalytics PushNotification ver_to_send < ver_sent so not sendingEAnalytics PushNotification ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings.........'...6.......B...X.......'...6.......B...'...&...E...R.......X.......9...)...)...B...........'...&...L....].sub.",.tostring.".ipairs.[........()...4...6.......B...X.......9...'...B.......9.......B.......9...'...B.......9...).......B...........X...6...9...........B.......E...R...-.......B...........J......insert.table..:.sub.//.find.ipairs..........5...=...=...=...L....hit_metric_0.hit_label_21.hit_label_19...._event_name.wa_push_notifications.hit_metric_0..hit_label_21..hit_label_20.ch.hit_label_19.^.......-...............B...9.......B...9...D......transm

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1355
                                                                                                                                                                          Entropy (8bit):5.59101889177688
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6JO8dwKfhwo8uuGEE0eVEKvRRMjjgOvEW4d5Z+S69gxuuHJjMfJsPHUxn:ADDfhCuDEE0eHRMjjTu+gx9HJQfJ5xn
                                                                                                                                                                          MD5:DB20AA1CD1B6E51D8D5BE03DE5C8BF87
                                                                                                                                                                          SHA1:F041DE9EA9B6ADEC749448232A3B8C84EF1BC3FD
                                                                                                                                                                          SHA-256:66BDADE4994B6045BED335BE31A7F9AB0B4FDB2F01818C95D624F97B00D58503
                                                                                                                                                                          SHA-512:1E67BB6971A4FFB120ACEA3DCF58FDC12F7EDC6913591D5EF5751945B02B9CE2CBCDF5FD98CBD92D4C09B35173B690E35B3D1A216388E620363A3DFB7EE4F98E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ............-...9...B...-...9.......X...-...9.......).......X...6...9.......9...'...B...+...L...9.......X...9...=...4...-...9.......X...-...9.......X...9...=...9...=...9...=...-...9...........X...9.......X...-...9...:...=...X...-...9...:...=...-...9.......X.:.)...-...9.......)...M.4.-...9...8...........X...6...9.......9...'...B...+...L...-...9...8...:...8.......X...-...9.......X...-...9...8...:...'...<...X...6...9.......9...'...B...+...L...X...-...9...8...:...-...9...8...:...8...<...O...-...9.......X...-...9...=...-...9.......B...-...9...D........transmit_analytics_event.set_analytics_event.hit_screen8Malformed event passed into RemapAttributes handler.default.set_default_for_not_mappedNRemapping part of config passed into RemapAttributes handler is malformed.remapping._event_name.Impression.browser.hit_label_20.hit_label_19.name.hit_label_18.as_is.interaction_type.action_type9Malformed config passed into RemapAttributes handler.err.log.core.event_names.get_analytics_event..a.......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchreset.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3387
                                                                                                                                                                          Entropy (8bit):5.518921565811051
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:+cEGPlKkKVUr0/VjzpzRILXFfj2NIWjRN5RlDk9w03ngpYjRI26VNPNBYwixtPmn:PEGPlKkK6gRzpzu05Pu91nY7HWU
                                                                                                                                                                          MD5:8E6128F8F2A9F879C6306590A8D5177B
                                                                                                                                                                          SHA1:146103A6B4E2B54A4814780DDA0FC58082A443EE
                                                                                                                                                                          SHA-256:EE3DEE8BC57ADDE2453A4C96278587CBD80129DAE0EC3B17E6F6BDC8EBB64C22
                                                                                                                                                                          SHA-512:8C6B4F52A7C57B3E35E9C220768962EEFABD791B601CCBD25D836EE3D0C3F599B048069DE64BBBC0CA26F24B6BFAA4D41736074C40633B6F1BDB207A12726C3D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...6...9...'...B...A...6.......9...+...-...)...B...).......X...)...L...!...L......GetOption.settings.!*t.date.time.os........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........<Running processes ver_to_send < ver_sent so not sending<Running procceses ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings..........-...9.......9...'...B...6.......9...+...-...+...B.......X...+...L...-...9...B.......-...9.......X...6...9...6...9...'...B...A...6.......9...+...-.......B...6.......9...+...-...)...B...+...L...6.......9...+...-...)...B...-...9.......9...'.......&...B...-...9.......9...'...-...9...&...B.......X.O.-...9.......X...-...9.......X...-...9.......X.C.-...B...).......X...-...9.......9...'...B...+...L...'...-...B.......X...6.......9...B...........X...-.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchsuggestcounter.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1653
                                                                                                                                                                          Entropy (8bit):5.796504876010033
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:JDSzV16a2/zAij2Hacz8SDAJJEyJ/QQN4:JuzV1BMrj2/8W0JEySY4
                                                                                                                                                                          MD5:71FFCE9BE0676300990DB112319B18EA
                                                                                                                                                                          SHA1:4A7B0BC0A058D21AD3DF2719D0A3B41B1D027C99
                                                                                                                                                                          SHA-256:0861A21D2679E49EF9E1202C6F90E29FA73AD66518CEAE8943F95707F718BFF5
                                                                                                                                                                          SHA-512:3499CB79844B6D341397CE896119FD7A418324D45AA4E6E171E2B07C8AAB064DBA496A9403621AE15336DBC3D4A6679EF9733A16B24B78411DEEE4D438846B76
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........A-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...+...)...6...9...-...'...9...'...9...'...9...&...B...6.......9...............B.......6.......9...............B...+...L........SetOption.GetOption.settings._.lower.stringHAnalytics SearchSuggest Counter handler was passed an invalid event.err.search_type.interaction_type.browser.name.get_analytics_eventDEntering Analytics SearchSuggest Counter Handle Telemetry Event.info.m_logger.........J-...9.......9...'...B...+...)...+...5...5...5...).......)...M.8.).......)...M.3.).......)...M...6...9...-...'...8...'...8...'...8...&...B...6.......9...............B...).......X...5...8...=...8...=...8...=...=...-...9.......B...-...9...B.......X...6.......9...............B...O...O...O...+...L........SetOption.transmit_analytics_event.set_analytics_event.hit_metric_0.hit_label_21.hit_label_20.hit_label_19...._event_name.wa_search_suggest.hit_metric_0..h

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchterm.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5468
                                                                                                                                                                          Entropy (8bit):5.684573016098276
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:vEc6Kr6/joo1pKtk8LhEPeL4wM9IKV1BkU+DdZdggkqJtzLULlPT:vBZr6cq8txNMKKrOU+RZdjJBLMZ
                                                                                                                                                                          MD5:3778F3C22BF093A34BB5692A9B4DA2C6
                                                                                                                                                                          SHA1:97D933306ADDD6D6359EC3753721ECCFD9CCE583
                                                                                                                                                                          SHA-256:B724C5CD2F574A01A88ED238DDDE988A440AD027F9190ADDDF345AF8D188CA93
                                                                                                                                                                          SHA-512:F095FDC6F063824231C2380DF76E0B7788F18D30B638383097F0E193F90C110B5AD7850E0816FEB285A527AB9C00445D27D559EC205A2DD9324FE9BC82A69409
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..8.......6...9...6.......)...B...C....tonumber.char.string+...........9...'...-...D......%%(%x%x).gsubc.......6.......B...H...6...9.......9...B.......X...L...F...R...+...L....urlMatch.match.string.pairs........06...9...........B...7...7...6...9.......6.......B...6...9.......'...B...7...7...6.......X...6...9.......)...6.......B.......-.......B.......6...9.......'...'...B.......6...9.......B.......L......lower. .+.gsub.first2.last2.&.sub.first.last.find.string.2.......-.......-...8...9...D........firstIndicator........F'...6.......B...X.>.+...6...9...B...X...+...6.......B...X...6...9.......'.......'...&...B.......X...+...X...+...X...E...R.......X...+...X...E...R.......X...6...9...B...X...6...9.......'.......'...&...B.......X...+...X...E...R.......X.......X...9...X...9...'.......&...E...R...L.... .category.exclusion.%f[^%w_].%f[%w_].match.string.inclusion.ipairs.........+...L.............-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchhit.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8197
                                                                                                                                                                          Entropy (8bit):5.709606313879427
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:UD2A/mLB7AVWy/c9AbQLW/rNwGYF3B6YfX:gPAUVWyc9AbBeGYtfX
                                                                                                                                                                          MD5:3F35B8392D1798597572ACDDEE5C3120
                                                                                                                                                                          SHA1:F5DB76148679A62E1615EF8BFFA87109841A9E80
                                                                                                                                                                          SHA-256:165B85E77E30395DD43C0B979A82E895BA0522F133538DAC1AE02D4224959D10
                                                                                                                                                                          SHA-512:17431A9A7A00D35DFC00F7F191FD313A04F4C50A6EAFD4EF8471EDA7F41DADEA30B467A16069AA7C7F06DE04CB01260A2EE370BECBE3A559A1C9641F9AA871DB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...6.......9...+.......)...B...A...6...9.......9.......'...6.......B...&...B.......6.......9...+...........B...K....SetOption.tostring. - count: .info.log.core.GetOption.settings.tonumber.........$6...9.......9...'.......&...B...9...9... ...).......X...U...........X...6...9.......9...'.......'.......'...9...&...B...5...=...=...9...=...L.......month..year..day..day., day: ., month: /Secure search hit add_month result, year: .month.year-Secure search hit add_month, num_month: .info.log.core..........!6...9.......9...'...B...6...9.......B...6...9.......B...6...9...........B...6...9.......9...'.......'.......'.......&...B.......L...., difference:., target_time: /Secure search hit days_until, start_time: .difftime.time.os!Secure search hit days_until.info.log.core...........~6...6.......9...+...'...)...B...A...6...9.......9...'...B.......X.f.6...9...'.......B...-.......)...B...-.......)...B...6...9...-...........B...A...6...9...-...........B...A...6...9.......9...'...B...6...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchtoast.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2753
                                                                                                                                                                          Entropy (8bit):5.78394166018439
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:5sSiaIqULiwOSJJWkGqCq+RkvjjQH7UjULso2X16RYDQJ8v029vJPbtD:5sRaIqx9gJWkGqH+Qjc3L6IYDk8v029n
                                                                                                                                                                          MD5:8237CA728FE9B37944D872D8AA34D726
                                                                                                                                                                          SHA1:1CA63A24AFBB2BE70766D915EC34163C63E53155
                                                                                                                                                                          SHA-256:1C2A9D2D80B9A406F7956F778CF70102AB4DD4CF4F688F93D366F1C6C6A8C02A
                                                                                                                                                                          SHA-512:76E339E13FFB4DC10702B25D2F715AEFFC749F0D24FB0AECF2DFA56DDA45C03E771BD55E67C1608E9442CF79ED2862BAD6D0F9BDF968FEC2D46A23118D4888A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........@...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...'...'...9.......X...9.......X...9...9.......X...9.......X...9...9.......X...6.......9...+...-...9...&...9...B...X...9.......X...9.......X...9.......X...6.......9...+...-...9...&...'...B...=...6...9...B...-...9.......9...'...6.......B...&...B...6.......9...+...'...+...B.......X.A.6.......9...+...'...)...B...)...'.......X.#.6...9...!.......B...6.......9...+...'...)...B...-...9.......9...'...6.......B...'. .6.......B...&...B.......X...-...9.......9...'.!.B...'.".....X...'.#.....&...X.......'.$.'.#.....&...-...9.......9...'.%.....&...B...'...9.......X...6.......9...+...'.&.)...B.......X...6...9...!...B...).......X...6.......B.......6.......9...+...'.&.)...B...X...6.......9...+...'.&.....B...5.(.9.'.=.'.9...=.).9...=.*.9...=.+.9...=.,.=.-.9.......X...6.......B...=...6.......B...=./.-...9.0.....B...-...9.1.B...'...9.....2.X...'.3.X...9.......X...'.......X...6.4.9

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendimmediately.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):571
                                                                                                                                                                          Entropy (8bit):5.368387435739017
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6t5LzIKSSj3d2k0uknxFJ+PF4MVIRMJsYJJKHLrdas5MHS:6t5Pj3MbuuHJjMVtJsPHLxas5eS
                                                                                                                                                                          MD5:C79B4D9ABAB7F9088963396633373130
                                                                                                                                                                          SHA1:138EDF86F524355BD7E037FC1E21DCB1D6AC077B
                                                                                                                                                                          SHA-256:31C8327F3757FE4A889D6BFC13E8B778A9CD09119FED103F8B60DDB10B7270E2
                                                                                                                                                                          SHA-512:E762F3A14D737C26B94524120F0BD65613DD1BAB3E1877F588B9579C2A67CFDDEF973A4D50A78BF886ADB67398F1974A20B77310EFEBA690F3B06AD55384595E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........-...9...B...9.......X...+...=...9.......X...+...=...9.......X...+...=...-...9.......B...-...9...D......transmit_analytics_event.set_analytics_event.flags.timeout.analyticsSDK.get_analytics_eventa.......6...9...............B...3...=...2...L.....handle_analytics_event.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.SendImmediately4analyticstelemetry.events.AnalyticsEventHandler.require...//5AF2B3F30CA2477B8884BB0D801B1721C9FC6976C639E9179DE8ECBB599B8CA365CD6F815DF94702B8EF29344880D003B55FE2897CE4189C2F8870D5FFB199E9++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendonping.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):407
                                                                                                                                                                          Entropy (8bit):5.443442104534436
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6AWHuknxcW7NPl4MXFQMJsYJJKV7gehAoiljaDq:6FuuOMXFZJsPtBOoU0q
                                                                                                                                                                          MD5:E8DF367056FE2ABFE9304728B0181C4E
                                                                                                                                                                          SHA1:7D1D9096FD18F373FF19DDB5406C8D4176A50461
                                                                                                                                                                          SHA-256:DFC8D29D6C889BC0A5700446E389197DE191EF1B5CFDBA64CF2167E8334C3FEE
                                                                                                                                                                          SHA-512:23D4D5C28F8B2D3F3242BE50DE34B8E54FCDADB78D2DF8E20D0FE26ACCE27506CF9E364434EA614F5B7B80C215DC6B98101C5EC2A94003DC93B0A30C33CAA2D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..6.......6...'...D...!send_on_ping not implemented.errorW.......6...9...............B...3...=...2...L.....send_on_ping.new.AnalyticsEventHandler{.......6...'...B...4...7...6...3...=...6...2...L.....new.SendOnPing4analyticstelemetry.events.AnalyticsEventHandler.require...//21398B440EA28FAF8D99DD7EA2BD636471BA9D882AE2E076332081F8193BDFD81EC66AC532DD528EEA1411464872F558A57639C30F53475D3F51EA51B5001805++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\settingsdblookup.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):405
                                                                                                                                                                          Entropy (8bit):5.508156056649387
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:67klvhpCl2IWm7RYvfOH6eaA0lbDPeX3t7/:6EeJViWH6blbLq
                                                                                                                                                                          MD5:A288B56AD5CE337137C0A3B8F600F5C3
                                                                                                                                                                          SHA1:B9D7D321EA5B63355C10BEC920E4231F35E70490
                                                                                                                                                                          SHA-256:87B778D9AEE383BBF5D607B9F6FBFD6788C48E87BD673B0F4F3EA682A9DDB1E8
                                                                                                                                                                          SHA-512:955FFEC02DDB6E6C9998B570031FE8169657D1C8454AD0FB6A17B9DA6C0051DAD058C6B7C800F307C74BE613979317CE320B85EA6A4CC9A265140230B147AA3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........'.......X.......X.......X...6...9.......9...'...B...X...6.......9...............B...........X...'...6.......D....tostring.GetOption.settingsAInvalid parameters supplied for get_setting helper function..err.log.core.(.......4...3...=...2...L.....get_setting...//2F60F4770EC82BE45FE951736A149B465D3E892E3CA2FFC2A21C625294129A5F4E4AEF90C0A32469DA9727A56B1BA8853AE964C8267917CB5AA0FF71CBC4BC88++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\smareputationcounter.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1675
                                                                                                                                                                          Entropy (8bit):5.812628804473798
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CiDSFhorowIgf3Nah9LbjM1qj+IQdXoiz8SDAJJKrkJcOahg:PujxRgfE7bjM1qjYdXz8W0JKYSXg
                                                                                                                                                                          MD5:F1530A4A72D6FC8A138963122A592426
                                                                                                                                                                          SHA1:28012084AD424E7E45498BD34B46DC6C4894CB85
                                                                                                                                                                          SHA-256:2C5CAA83B99DFF814D665F8615F9CC6F6C0C4E91A9DD9BE54032B49305C0B591
                                                                                                                                                                          SHA-512:CDFA76E2B91E3B753E6529D2624917B213459A6143985D8DC7733C0AD074BC145E886631F3CA1A7A5E44E3726F9C736FCEE907EFB2CF2A68C6848579CF552EE5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........C-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...+...)...'...6...9...-...'.......'...9...'...9...&...B...6.......9...............B...9... ...6.......9...............B...+...L........SetOption.GetOption.settings._.lower.string.defaultFAnalytics SMA Reputation Counter handler passed an invalid event..err.count.color.site.browser.get_analytics_eventEEntering Analytics SMA Reputation Counter Handle Telemetry Event.info.m_logger........Q-...9.......9...'...B...+...)...+...5...5...5...5...).......)...M.>.).......)...M.9.5...8...=...8.......9...B...=...+...).......)...M.".6...9...-...'...8...'...8...'...8...&...B...6.......9...............B...8...<...).......X...+.......X...6.......9...............B...O...-...9.......B.......X...-...9...B...O...O...+...L........transmit_analytics_event.set_analytics_event.SetOption.GetOption.settings._.lower.string.hit_label_20.upper.hit_label_19...._event

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\toastcheck.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2284
                                                                                                                                                                          Entropy (8bit):5.688225802861164
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:QZmvjPkSALczlpJbZ1ef/czmg2bRTHZ1IJWvD8PJD99nJlQXB:QZmvAZoJ7bmg2bRTPsWvDo59ne
                                                                                                                                                                          MD5:C29B48B46920AB4EAD3A21EEB77D1A00
                                                                                                                                                                          SHA1:7F075528E4F14A5AB87D4EA8034307CD978B3876
                                                                                                                                                                          SHA-256:E4C90BDFFA953F6D93BDCE6DCCD1E960F369C5FE514CCEB4263D31E6BB690B5E
                                                                                                                                                                          SHA-512:3DBEE74CE0A17FA8AF1A10C158321000AF1D4AC31609A695970CCD0F0B2A5A30D981C85EEA3FEDE58134C8276B0591394CCFC9DBD0E374364961B38CB1B8F5F1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..#.......-.......'.......&...L......_w.......-...........B...6.......9...+.......)...B.......6.......9...+...........B...K......SetOption.GetOption.settings.>.......6.......B...X.......X...+...L...E...R...+...L....ipairs........i6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...5...-...=...6...9...B...X...4...<...6...-...B...X...-...........B...6.......9...+.......)...B...8...<...6.......9...+.......)...B...E...R...E...R...4...=...6...-...B...X...6.......9...+...-.......&...'...B...9...<...6.......9...+...-.......&...'...B...E...R...9...=...6...6...9.......B...A...=...+...L..............encode.json_parser.tostring.metric_value.ping_metric_id.None.Last_Failure.SetOption.GetOption.settings.ipairs.Schema_Version....Schema_Version.IAnalytics ToastCheck send on ping called with invalid configuration..err.m_logger.triggers.ping_label.get_analytics_config0Inside Analytics ToastCheck's send on ping'.info.log.core........U6..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalytics.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):767
                                                                                                                                                                          Entropy (8bit):5.4781836322079815
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6kQ5GlsglzZ7GlsggGlN6W0oHQp3JhEJ9AnuyzRu+nGpIjbDckndhhlSJg0qNPPO:6N5VglN7VggGl1QTSJ9AnuZ+nzDcunhc
                                                                                                                                                                          MD5:813010E03F53082949F857AB3AD34D0C
                                                                                                                                                                          SHA1:2C0AEB8AD7C01A7B0C4CCC7E6E8889CCD1AA72DD
                                                                                                                                                                          SHA-256:C5AF7F0E7FCC80D0A2F47DED1F8665F7AC0969E9F722B8AD89013F90B36FB33F
                                                                                                                                                                          SHA-512:08A435E9ED068E072D689955CCDE370D6690D15EBC3A03EEDC9E1093C8079943F9A20B2A05068E4BEBB8CDF8E669CDBC173D5D188F3B91C72911817D31A94207
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........#-...9...B.......-.......X...-...9.......9...'...B...+...L...-...-...9...8.......X...-...9.......9...'...B...+...L...6.......9...-...9...D..........PublishMessage.wssEventSender>Invalid message passed to WSS Analytics analytics handler.messageQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_event.........6...9...............B...5...3...=...2...L.....handle_analytics_event....msad.files.safe..msad.sites.safe..new.AnalyticsEventHandler}.......6...'...B...4...7...6...3...=...6...2...L.....new.WSSAnalytics4analyticstelemetry.events.AnalyticsEventHandler.require...//CAB46F8B4979A9367CD8CC9D65DE914508BF352E34B41B25FF46C215AEE55DE9481C9C8B7B95518D8C91B46ECB0154E69B12E21F660EA42EC64BF3F864536427++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalyticsraw.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):616
                                                                                                                                                                          Entropy (8bit):5.509919989918288
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6Tkq5GlsgyP26WfEFyi9AnuyzRu+nGpIjbk0uknxFJ+PF4MaoMJsYJJK9M64UcV3:6X5VgyP2cyi9AnuZ+nzbuuHJjMaRJsPI
                                                                                                                                                                          MD5:33255E585532FAD946CFA0C6C30D1805
                                                                                                                                                                          SHA1:FA0C203AAA2D0CFE0E241081FE116BD8706540B9
                                                                                                                                                                          SHA-256:7A1C49F3197F47A2DFA2B9A612C238CD248B3C4F60C8A83217ACEEB13759D32C
                                                                                                                                                                          SHA-512:D45E3C14E15758679313407C1A2F7AC16C5CC9BA6A391109E0959D216061C35FD67F0CFA3AD0EF9DE2001E664EE89A4C8E4FEA9DD5CB348E149DDBA4E45B5783
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........-...9...B.......-.......X...-...9.......9...'...B...+...L...6.......9...-...9...D........message.PublishMessageRaw.wssEventSenderQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_eventa.......6...9...............B...3...=...2...L.....handle_analytics_event.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.WSSAnalyticsRaw4analyticstelemetry.events.AnalyticsEventHandler.require...//4C5EF8E50932A718928AC60DE5F3A3091AA4F2F5662105885F24C1C87AC0E7C510992B1F2E63BE4D10838A77FB022A976EA602993EE8EA650CFBAE6F4D302649++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\browserhost.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3931160
                                                                                                                                                                          Entropy (8bit):6.517200498178353
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:viT3zh7BuogehP0Dm+ItKnrLCzWUNCY1x9CH1S5j8QaAqZHLzee6dy:yuogeRd/S+jRaA6Gy
                                                                                                                                                                          MD5:CA79242AD42B4477057E398550249B54
                                                                                                                                                                          SHA1:6145A551BFE7014EE23AB9AEAB4CAFE177B315CF
                                                                                                                                                                          SHA-256:146BC884337E506A0473149D28F84528301759FF31086A033865EFB1E44B2720
                                                                                                                                                                          SHA-512:29BAEE39940B7688C40E57587F77E4490A364970C8E6CA2DE55709DE19352F2B3E5D91A8B3E3188C1B4953EB471817716F6B359B0F1A6D04DFFF2E59C9869C42
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......./..Pkd..kd..kd.. ....d......yd......ad.......d.. ...fd.. ...vd..q...jd......yd......jd.. ...xd.......d..kd...e......:d..q....d..q.#.jd..q...jd..Richkd..................PE..d...'YWg.........."....$..,..........P%........@..............................>......S<...`..................................................*7.......=......0;. )...L;.......=..t...N4.p....................O4.(....g1.@............ ,.X...8$7......................text.....,.......,................. ..`.rdata...*... ,..,....,.............@..@.data...$....P7..h...<7.............@....pdata.. )...0;..*....8.............@..@.didat.......`=.......:.............@..._RDATA..\....p=.......:.............@..@.rsrc.........=.......:.............@..@.reloc...t....=..v....:.............@..B........................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5985656
                                                                                                                                                                          Entropy (8bit):7.997073443075553
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:T+PQByUNM+wti12AJyTJs6mEzHohlciWocwyJ6TW9TFIfvxzNfuTeaFfPzemlu:i4ByU6+JyTKbEDoXciWoSdF+vhNf4TeV
                                                                                                                                                                          MD5:EFADC0D22983A99516DDBFBA3FD6F1A5
                                                                                                                                                                          SHA1:A64D75E07B8535FC7F71F33684CEB852E6784FA9
                                                                                                                                                                          SHA-256:B4F29215D91B81325283EA358CB73753D53392874637C501F3009F0718091461
                                                                                                                                                                          SHA-512:479F98D3D2C868F7189F09669A92F941979679F60525229F917F8B351BFCDEC8873E8D69D3153515F660A80D666E5F4A0DF8CC00F59EC1B423AE1DFD48C8B6E8
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK............................app_launcher.js|Uak....._1..?.,r\...x.4.B.>..O.R......2;.+\.........Z.v.sfV^..... ...ww......Ow.........>.....{..-C^......<.7......#...!..j.:...G...`..........h....k.s.B...@q..@...HV...M.a'..~."E,'.N].."%.9[.O.R.O.....h@.j...,o',.9...../.^bLR.0i3.'.....)D........=K..M.V...B.;1.#`.Ta......3;;va...Hq..N...E..<.d.O%<...XX.2..`....FI.+W.H.t...`l3Fc.v6me.E....!1.5...O.e..c..]w.L.M........N.c.B.U...6.`..H...H.<D..&.S...1L."t. ..Q3zVg..k..A.-.X.....i'h.Y$..p:l..i/=. Y.i$B.]....Is&U.......H...I.....J.l....Q`.x.Gh......H.l..n|.!<u.....5...]b..T....F..W....u.7'......|-<s,.....p}.....&.?...;. ....@..%%T...v.[.jz........Tk..p.UA..T.P.jvu..T..**....:SU.|..2....../..4.X...\....w-.^;\...y.bPTR.Rz&.K..f...C._.v..|~....0Y.y...W......u......fC.~..}..i.vL.]...+.cS.s..s.(.P...Cxm..?.4.c..:j..\>..9Iz.\-...}.\!pT.,...W..Fw..K..*p(..P.}9..E.(..Hf..*M.UP'.\.OC._.rm..y.P.....~.....;.8....a...O.,.Xe:S\(.r.%..."y...Ynu...G...@..#VY.(.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):358
                                                                                                                                                                          Entropy (8bit):4.783729084285157
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:3FF2b4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:1YJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                          MD5:4BCE68B8CBF044EB70958BC6018D0F01
                                                                                                                                                                          SHA1:46B4482884D6062CF15E618B8035BD1E675A3EA9
                                                                                                                                                                          SHA-256:FE5A9A409388CD8E5D6AF76E3FC8E8708F697F2577886BC3B826B4D591CB4306
                                                                                                                                                                          SHA-512:0F3E86AEB29E202E2E36E4E1859AFED3F17CE65246E90291CA8413287B94798A42309EB27E5CFB67A0B48A8C6D14174FBFC3F36EBE25B7BD8D7800BB78671047
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor_v2.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):357
                                                                                                                                                                          Entropy (8bit):4.7907114893123115
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:3FF2Eas4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:17aWJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                          MD5:BEEC1609B6AA63B29247C7C4805CBF32
                                                                                                                                                                          SHA1:A9AF06A9D648857FDFBB8BD0D1B6A49840FF0232
                                                                                                                                                                          SHA-256:BFFE531435235BF8801946B9BC8654A79727FD6D591DBB7BE173BE9A55FC6974
                                                                                                                                                                          SHA-512:36BBB47F67D2B112AF77759E637318CD79560156B3B5A1007FEE0CB0A9FDE3E26C99D980D2160DF0A730304A43D3D16D2F28742E44A5303B81C0FEAE78A176FA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.478002392539657
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLPbKq8GLfrCt:7rrSOX8BC0Bj5dXEC0BjyKS0b/8oCt
                                                                                                                                                                          MD5:3410423B9D7B023BA74C63F07F99235D
                                                                                                                                                                          SHA1:5109BA37F63F1FF50C07F925FBB4F81B4D304A10
                                                                                                                                                                          SHA-256:BECD6B3499F92B282494A55D59C826E2CC293119D04164E7FF586AF13E436D8E
                                                                                                                                                                          SHA-512:2D7858B7E603666FBC6BBE29E36E62EB8DDDF4308F5D0AFADBFC3631D5A5C916F79FD15818226F4382548C6B97EE4C82E9D429E3F3CE0B3C07AEC274AA7189B1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//170C272373DD9D70DD07D3078B003D50C1703FC86F85DAA23AD470B978AF27482F6639AD74CEFC108CAD71CF5282E7443B9659D3F66218FECB7BF63D25FDA524++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.45820186251319
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLRinpsFkS6dxq:7rrSOX8BC0Bj5dXEC0BjyKSoFkvq
                                                                                                                                                                          MD5:2CE0087562892070D641D509DB32DD54
                                                                                                                                                                          SHA1:7D9ECFBB816010CFFB98627FD39A86D371E117AE
                                                                                                                                                                          SHA-256:A624B6BFC871D5E57FD7E1AF5B0328DBAF7723C9D7192021B08673EA4F079A26
                                                                                                                                                                          SHA-512:C70C4B74237C077877D436B2C7B6B2B1E7B7B22C4955B5A19352F4768A4D21AA7F76E5C8FD43B571DCB008FAA22C2080F0F509795D83DDEC6B17310E8FE35F21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//DE4789EFC404036F254F89D75AB1E47C57D3CA6A942662C9EC6F89BC6DB6A0D7B1DFA6DA422823197A9FEF248699D117FF9A2764D737AE5996DA82C2FA1AD905++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.4461883658600305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL2TdEhuGhwVbj:7rrSOX8BC0Bj5dXEC0BjyKSREhWVbj
                                                                                                                                                                          MD5:61C640F0D948B87E20F9FBFFEB77A330
                                                                                                                                                                          SHA1:9F5ABDA83E0C7F0F3D83170E3339A7AF2912C7B5
                                                                                                                                                                          SHA-256:992438959C209FD4517A0E7023436301425CC6D27757F26783FE360D7422E0B5
                                                                                                                                                                          SHA-512:5BF2939DF94222647EC27DB611EF50D4C6AB6B571F327A38572518A9A414869A08343DBF2BBE3F939D62A8FEB48E7CD621FE8BC2DAE9FDB97046E70F7454D705
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//EFC1EE5B000C51F38E99D71E91304386AC8C570D5DD9CDC91758712E81CDB04BCEA17EB3C7D3EDC62DA96FACAE8331434DC71D1A739FBF611C48686DB31A7A8B++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.463440158175525
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLxThs/VgKX29QO:7rrSOX8BC0Bj5dXEC0BjyKSa1s/SBX
                                                                                                                                                                          MD5:AB213B8B678499E34545107A3F29DD6D
                                                                                                                                                                          SHA1:69C9B45E6D29DAC2B8C13FDBEF0F61B9404F8B03
                                                                                                                                                                          SHA-256:230237CD0094158BC14ACD53455E1DA1FB0D6F66A8C22660993A8BD1A2F7EFD4
                                                                                                                                                                          SHA-512:A6D1E6D065F3F933C7E383A658E206CA0E7F21FCD9E32D197EA73F51B7EA6191B5E9F24ABF501FE07193DB77F417BEA69B9620A8DA8014A8C84E41566159EBD1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//8C8EDC53C2A798D8B8D350BAFC5F57DEA5A52F21A530381F8E0EF1CF522FEBFC114D3245A62C07CD059D1F3543A380539D4C9D7D5467F3632256E4A4E8E72368++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.467789482393415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLV/KWsFFNrk3Pn:7rrSOX8BC0Bj5dXEC0BjyKS1TdMPn
                                                                                                                                                                          MD5:4B4F53A26CC390BD46AA5E2F788E3EA3
                                                                                                                                                                          SHA1:62BC3F2752C7311B2C8790A864AD13E1DF1B6F4C
                                                                                                                                                                          SHA-256:9E8D7F02744939ED1E6A1B4B6CD2EA1B23D3982B288A481A5A376F8160352806
                                                                                                                                                                          SHA-512:D5E3480CB2FE8F27B700E9CCADBE73DE4A35757601743421576D8DC34EB54A9E949276C9C44355DA63CD0416C0A1C6DA37E41DE80027394014638DED4334A3EB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//33A26F8AB0BDA7AB05E99D60F4F621817338ED5758F0C32F0F619D96E500D1FAF0C6475E53F482DADF1A8C68C9FBB46B7C5F4825EDCD821555BF2A2FF44E5E6F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.448414128170323
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLcfO8ANNC4g:7rrSOX8BC0Bj5dXEC0BjyKSZA64g
                                                                                                                                                                          MD5:C1D503621E5A9C14287289E37F9EA3BB
                                                                                                                                                                          SHA1:D28E3CA01EAC333BFEFF8A058F4CFCDE60EEF482
                                                                                                                                                                          SHA-256:3E3BBCA2FFC1C3C906AA3890E9F820A014C46825BEBE31478F9543154001F58C
                                                                                                                                                                          SHA-512:823A503277ABBA0BCADA5472F17A09587C6C805E21485FC307BCC7AAD7A1D6DE492AE511CC152B6053551CA67646F797A90085F046C6352AE6506F1046702CCA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//800E8484F6D0DA03B1160E6ACBCE9316EFD8E385323AE0EFAEC6A52BFFA61413A9FDBA5B65C4E03B788EE0E35709753347D51AA8196900CD480E183B3B4697FF++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.465072364155408
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLSUEsiYqLzg34:7rrSOX8BC0Bj5dXEC0BjyKShxBLzg34
                                                                                                                                                                          MD5:9D5D3C1DDE30DE91108EBB542CAB5600
                                                                                                                                                                          SHA1:DF459112D06C18206E861E7FC5B03A42FD990961
                                                                                                                                                                          SHA-256:E455B5D287F20CB26839DE4BD471D55BD85F033FCB0BD67C2AD31E6FB82D7B06
                                                                                                                                                                          SHA-512:4DD1210E6F86B2F9282B391E08E741AC74B48BA2CCED440D6888361BAB6963E8775876C462F43E1439DEA8F42C004087941D779284C4E7F8D84C6EDDF07730C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//197E502E240A4CA940A10248DDC7B457E66B1914812253E76922527458780623CEBB4355839FAA94A8AC20E4AA84E2D3E4F05034C99B545573140DF684051FF7++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.450475785026495
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLppMK1JGNrOu+AV9T:7rrSOX8BC0Bj5dXEC0BjyKSwp93s7+i
                                                                                                                                                                          MD5:4CA33ADF377846302AA9DAA2AAE4E1BA
                                                                                                                                                                          SHA1:D203BC3DB5801DBB3D71DF8E75915390A3DDEB3E
                                                                                                                                                                          SHA-256:402CCF67CE7A9951D946564F5E226446EB96DBF94497F163BFD24E798DD9B661
                                                                                                                                                                          SHA-512:1E89577B1D2FD48B228724F82842A883D2AF3097663E15F468A43BBF409C7B91E854C2FE746EA7418CFACA68BD07B32FFE4A9485F1520C24777A2EC907A139D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//9F617C02EB2854E54701D6C82A1DCDAACADD1D378E21B16805111FBEAA77599CB9A3674789A71AA3E5F3E1878243417CD515BB3708A13B3C0DA9DE3F13F295D1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.481524147070895
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLmeMRrM:7rrSOX8BC0Bj5dXEC0BjyKSY
                                                                                                                                                                          MD5:9766BF4631C38C443F90A96BF2AB8850
                                                                                                                                                                          SHA1:4F0377CE71C77B6B3428B321DB9337C0FA99F7D7
                                                                                                                                                                          SHA-256:3751DDC1CE3D2B012A05F3964CE95C41F4A5768DD72F989AF104ACEF3732B970
                                                                                                                                                                          SHA-512:FAA42E18C39937CCE6473C0BC8CBB0AC3A4ECCD3BECC9DC8FE698C18591AF6BBE486B22319D709FCA69AE18FF0E1E3B22D2BD8A8A0708AAB107A3F5B9EC4C3E1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//67E264B2CB7B527F0921289C594BD303A45323BF11ADF4C68EC7DD65C01420A8E25FF931FE23816796C416E81C7627DFD3D557614DD0BF8D9F829DA7A0FFDF72++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.47132080555524
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL3zw+6e6VR3S2Zl:7rrSOX8BC0Bj5dXEC0BjyKSqzcpRCOl
                                                                                                                                                                          MD5:ACC4ED97C4563B2E64DEFCD44D78B8B8
                                                                                                                                                                          SHA1:B42881266236C3634850B775AF19340D44DC9EE7
                                                                                                                                                                          SHA-256:B93E215A6B95B7D4251812A8696C70E3C61B4D5E8E7FA4CDDF67976E6443A50C
                                                                                                                                                                          SHA-512:45B58202CEB8DDCA14A77E04A670973D877E5A295AF887FE0E2FEDFC1ABA5AA573B7CB4A3C90A1B4259FADC8BCBB3CE10DB18294CC68D009B92F51BCEBA6C7C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//DBBE25382AA6DF542447F36EB6CE5902E2511B186C63DB0ACDD352D5B50D848DD6F0E4A0936BD5301F0B550E79CFF7DC112145C505B12589C745F7BDF32A29F6++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.487560968790192
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSC9n0O1oS5xR:um8BC0d5dXEC0dyKSC9H35
                                                                                                                                                                          MD5:20D85274B90D12ABD222AB115EF43214
                                                                                                                                                                          SHA1:F5E71C94568574379C1D6BBAE3A643BDCFBD0857
                                                                                                                                                                          SHA-256:DDD51A060019E5C31B78EECC00B6E950EE3BE5DD26242035995AE766B6724E3B
                                                                                                                                                                          SHA-512:3C5E81224EB3FED271D6529638DFABA434700F70226845A4AC169BA4B478AAAEC004409D696DF7073F1FDEB09CCEC8F390E3CBEC9341F24004DE4F3EF3C0D89C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//25A992B7398B877194795B5694213D623B4A022693F7884E49A475C730D91943CABDB60F10EF1EFF6B546C8577D3A889DFAAC46B6330F3190002C0C170217C52++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.480787895471054
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLGFG1BVmCu:7rrSOX8BC0Bj5dXEC0BjyKSBGnc
                                                                                                                                                                          MD5:C70C36B511E82B847C7DC46F327E47A5
                                                                                                                                                                          SHA1:05FF8B9392EB32493F7A286F384A1EF78DE62910
                                                                                                                                                                          SHA-256:34C21790DB18BB71E35076C11AA6E2E78115889985B9BAA9034B77DE32BC414D
                                                                                                                                                                          SHA-512:24E7D0F6D2BB3D360553BE8EB52761F72C2E75CDA53AE1AF26D69A9D97AE7E1FD70423BCAD9BD06E12EC60B7B70A979B79BC61AE9E4A906024EB6523B7C021DA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//0796F1E4B93F54298FD1A8B639684DF0641E3B6D0B13BE63E69299747C749117CF4208D1F60D5AEAFA50699DD05F9816334037A7B528BC3E6C43199311D74D8C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.462903513812164
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSESpeMLc1VP:um8BC0d5dXEC0dyKSPppcT
                                                                                                                                                                          MD5:8697DF2F89C4CFED17AF75E933248049
                                                                                                                                                                          SHA1:5BE052DC7DD91B28A592587336A92B4811B635D7
                                                                                                                                                                          SHA-256:F8FC5B6F79C3377A361677A141AD9AF9C5EAC136E18FDD841CB3A7FE64037914
                                                                                                                                                                          SHA-512:2C91638962B1C47492E5E24821994592BEC0E0B092560E4A4D689C1465781A5220333BFC7984CA120CD5D4047B4993EBF09C44F28895187C62E0D4A52AD841D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//771FA244E7D097EA223ECD7BF9A2B9DD2F8371E2CF00479AFB61FC86CF275850B4FA3FC056087776EAA15B2A52F5CFDCC0C8251E0C68411C689AB4D6BB121B19++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.451823404854838
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLsvGcPd3:7rrSOX8BC0Bj5dXEC0BjyKSTd
                                                                                                                                                                          MD5:CC177FD362B9B177DAD1EE258BB5985A
                                                                                                                                                                          SHA1:38E916023D033A20D2F087DE9D3DD955CFF42FAC
                                                                                                                                                                          SHA-256:7733DF6E8715ACFEC2BE7998D4846756E00AFE9C78318BEBB8A4D229E36A00D3
                                                                                                                                                                          SHA-512:021B2395B81568797A45E1A8112F15DB41625CA8D7548A8F3EFC47FEBD27B72B6B5FF6CAE0D335F3779098F5EF83402B6C3FE086B3C1A724CDBADF6370079074
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//D9CF9F78740E0EC220CDA03ECA26E011AE407F902C5717BE3B9D3C80D0107189805A795D1B42126A26EDF0C7B146AA4BDB2D4E1CA7EAED4F2BB3C3C9F6D43285++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.459097531412527
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSxsD8ddFSop:um8BC0d5dXEC0dyKSx/doop
                                                                                                                                                                          MD5:87EC7329B9A2504FD57665DCD93EA440
                                                                                                                                                                          SHA1:3481CADB9557E568ED8264A3DDA382EF1AD627E0
                                                                                                                                                                          SHA-256:0DEA84250C30C1DF133C1B04785DBF556263685FE8B13F69E7B0D8950F6261E9
                                                                                                                                                                          SHA-512:1CD7E5A363909A712BD925686F306709B5D6A93B91AE124C790AB2BF009B8337D3B273AFEEE4360F48DDE1F3129DD0531A2730E08BBBCD3D3CCF06E8E14B98C9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//E4B753978D948C3BCBB586B78060C1C908BF014C730ECDC5BAC9BC50C638D3C89383F2ACFB67E8DB7B0D3C45D4C3475C4650DAAAC70876854587BE88B88092D5++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.471152494094452
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLTgjMYTE:7rrSOX8BC0Bj5dXEC0BjyKSEoMYw
                                                                                                                                                                          MD5:BC0ABA9C4CE9E942493C40DF9A238949
                                                                                                                                                                          SHA1:C567B6F511B9EE761E69E0F4463FB2AF60BBB721
                                                                                                                                                                          SHA-256:560151438028B1E5F20D439A0150E6EC1444F7667312B0542473E0725DE48790
                                                                                                                                                                          SHA-512:7B124700B8CBFA16F53F77789F2436E809BF5578A3D74C9E6008F4E13819A4E2E3AE72890F1BCA41989B466F73574A956742C09D3641AD95D50D8D8ACFE058FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//238C493BC13C059A7590D647A34B0E8C16A127C95CEAAF28B45B8CB38430FB02EB7DD11740D2FFA9B8784D3B128F59E05DAC3CF5451DF6611ABB6199310FAA20++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.450746110524956
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL9Gi3Wj/lSBk:7rrSOX8BC0Bj5dXEC0BjyKS8n3kNAk
                                                                                                                                                                          MD5:8F53E40982BCAC8D45A5F639B7EF7AA2
                                                                                                                                                                          SHA1:59F456D1F9E5A87839C6C360A5F928EA23A3DA66
                                                                                                                                                                          SHA-256:D6FB842ADFA2B5CF16827F8F8BBBD73563F699E48197442BAEFEFBAFE9463A17
                                                                                                                                                                          SHA-512:6855EC2A8D9657B37620ED1E8FA87467B4C90DF79EDA35B86B0A0AC3E69690E692CA724F1B0CAB9AC41F0BE3A379CCD090B6539783AE6AC53CDB4F0DA8073D4A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//5DAC1438231AF6188CB4EDF6E96DB68E01EF46AA2546A36037386015AE0C1E9661D9AE8408389F6F23C3B908A19BDDB83D1C0F3450B1B2ABECE8DB65D8C24F89++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.459480754994661
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSouykPkylZb:um8BC0d5dXEC0dyKSou3PkqN
                                                                                                                                                                          MD5:0B30C3F64A2BFA1B9B4016A6C845190C
                                                                                                                                                                          SHA1:68A15807719324798679D041AB036890F73F8672
                                                                                                                                                                          SHA-256:5D3B4E4D7A3AC77C03E4DFF314DC24BDFAB76D20E2D216DBAD8213954FC918A4
                                                                                                                                                                          SHA-512:7DAE4E5ACD4983822F48E49E48DE47B8AFDD47D4616158B517F8925034D7412A016FD68657BDEEC732B46354AE429741D9C00B8BFCF621B506A3453C9F6FD9EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//1034E1EF549D1DCDC233A68773E4A7D137C12BC7C0EEFA8A3C282506887B337765BE6E304F3E17A4A63559A7270957B5A37DD7BF291D898BFEF2CF1DE383991F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.4578715329046235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLI7ktDT988fL:7rrSOX8BC0Bj5dXEC0BjyKS7+DjL
                                                                                                                                                                          MD5:9F7DC1ACE7B73892EE50A6545DFA83CC
                                                                                                                                                                          SHA1:6EB701564900B80AEC333E7978DAF803302D2DBB
                                                                                                                                                                          SHA-256:8772F8019C8E43238FD3CC8245252ADAED691173B576C11CE2AB9F7AB6A9CD6E
                                                                                                                                                                          SHA-512:19894199EA7B99CBECCEAC50ECDC878029F4637D112A4AADE0A1443283A7410840354978BE9207C78B89F16C7AAE35B4CCFF53A5A6C6A8EC6CEB8F7D3C3ADA44
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//67DC12E3E58036558E2EA7EB6197C862C7C8879BBB3C05EFE202D72CC023C73236E70655FB44B135D99BEA9CEFA325BCF779BC9D7663CB53B533E93F0D2FF624++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.452713758915027
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLsLdhv6ktsw:7rrSOX8BC0Bj5dXEC0BjyKSZLdEw
                                                                                                                                                                          MD5:056B6616A05E445D3FA7D9E9C37A47A3
                                                                                                                                                                          SHA1:DD78B3BBB306B9A4EA182E002C56C618E8A3A254
                                                                                                                                                                          SHA-256:FB8CF477130D5BBF99DFE38C418CC533B66FCD6EBFBEB03821F13227C35FF294
                                                                                                                                                                          SHA-512:177E3D758F1C3A2B06B90704E95D216BC668DADBF5F06710DDF23B08D0C473EEE0A84EF77E41B2C6F30B619016A2862A8BE0CD2E5E4A9AEE6C448924C5B30514
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//CDBB8A3CCBA0269F2197E46FD682E1B59A9A1061B8AA26978188C2069ACB1179019D014B34890ADC9B0AC825494B21BE841446BA0E8734B678178816D549CB56++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.473380197780306
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLkpxgQjT6hn:7rrSOX8BC0Bj5dXEC0BjyKS5ptjT6hn
                                                                                                                                                                          MD5:DB43C21F2271B397D7B5909A53FE38C1
                                                                                                                                                                          SHA1:E9F022DB0ECEC8C5642B0B7C3551AC666DF92D76
                                                                                                                                                                          SHA-256:CE7395F2238B5603C7382AC1915D1FC581AF24D729930E7D7A2145AD791517CE
                                                                                                                                                                          SHA-512:15698CCBE6969776EE0FA6D44C1C617BE490281362E457FA3F9DCF0DD0D863458B3D659378B32D790F45CA6DC4D8046DC581F8C5BFF837713E1ABBD1FB5FF4BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//86F7645CC88253D58957AC5933573C7246547A7549D8F6E71E7486FE351F82C9FAF2F6974D771329EB0477FEBEECA2D8F606D6DF66DC96293B335B1C86DB9ED8++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.461249326785134
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLQcjHfJiS7:7rrSOX8BC0Bj5dXEC0BjyKSghiq
                                                                                                                                                                          MD5:435A9C4F81763B978ECBB1C99B3693A2
                                                                                                                                                                          SHA1:48C8BDDA74C684D968C361C9964FC572A65EB795
                                                                                                                                                                          SHA-256:64B73C84508FF05EC83EC446B7878E044FC831ADF2FAA8F7B47E858BE43B865B
                                                                                                                                                                          SHA-512:DD24DD4E8F908E4647EE466603F219A4162086E7EAB528AFC5B0867A9EBA4C106DF7406C2F74014AF76A83262D5897A2A9D76F848A7DB4A6D964440C586CC57C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//2C6565085DA6F74A6EB5A92F2E1D22CEB3CC9BD312E056B0BB1A0B2755FCF705AD13F8507E2CB381C81570640DB6E4BE57278E7F7BCD4F4D1E1529F60FB841E9++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.446820266860203
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL6f1OeEv0C8ccsEOO:7rrSOX8BC0Bj5dXEC0BjyKSbOoccsO
                                                                                                                                                                          MD5:F8CCC13B0166600BD5B77E424A0B5C50
                                                                                                                                                                          SHA1:1CFA3E02B2176B29D7FD3CF1303272F4AFF82F1E
                                                                                                                                                                          SHA-256:C69850853289B66E722D1553451D5B3F46900C1D488A1EF654EAAA1366BFB8AA
                                                                                                                                                                          SHA-512:DF62E02C67D3DCBE81D001C1224ED84579D38FB2C1B7D6DEF19B244B5EAFF5B65F3B58937674423A5E32A7F4B212779C7439F98C1A0926E1BACE3D759A30ABBF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//473DBA04D8A20814BBA01FDAB002E47772A45021A1BB9566C1AD149C18DC5CDD8D13826CF4DEB30D7A7D1C2BECE0D7315ACEFFD29481D1EC8B2AB18960B5574B++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.461095188089534
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLoj4bhEx5U2C:7rrSOX8BC0Bj5dXEC0BjyKS/4bho5U3
                                                                                                                                                                          MD5:674F615000BC5A8BCA213B7FE45505F1
                                                                                                                                                                          SHA1:A33318EB56BDDB9E9C6415673318D3E51E5CAAA6
                                                                                                                                                                          SHA-256:137EAD881360C9C563FF6C708D50D1928B2C0519ADFD31F52B923D53E3AA2257
                                                                                                                                                                          SHA-512:4B930F27914DC67D8C46759C74D241973F2110C208A09026052E59631381ADF494B094C60FE42FB5DABDCC09AED0B79758950864E4182E017F996EC1FE3DD72D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//7BCBF56649B8A8DE9694C97C2D7DBB07C8F6392C54EC30E598227A755D8AEA8E23741C801EA17290197F912CFA572BD7DF2FCCCF3D2B2D9251D31116271EB21F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.470616512102546
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL61lpcFBmLcAdQbun:7rrSOX8BC0Bj5dXEC0BjyKSFPQBmNQu
                                                                                                                                                                          MD5:6ED11FBEC9DB6C8739E7A999D4B74EB0
                                                                                                                                                                          SHA1:4F4DD5958816438DC62EFC514A4CCDED75743747
                                                                                                                                                                          SHA-256:299CB08BE417FDF9B909EDC16FEB09B43F668D6BBB99A3BFFCAA2C2CD8773DDB
                                                                                                                                                                          SHA-512:41E6DA0D4778F1213325B3FFCE3CFE71A8137037773347EA6CE5414A5436B2AF5045CB8F47F8E780B9B568424C9305B11BFC2AA5589D14CDF9CB8B65E1A034A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//A6207980C064E27FC18791F5067AE2C3E6E429D262D83E374468377510A78D67579390BCA7F1BA3CE34A49C17912FBA13F856449914C30428AF6617214694C7A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.458089036751079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLU/uQcj2ODKhMt:7rrSOX8BC0Bj5dXEC0BjyKSWlt
                                                                                                                                                                          MD5:8C6DBC15A46106D53D1B6983A825F733
                                                                                                                                                                          SHA1:B7B959D2D883DF827C6F4E01AA3AAD3D96A88A85
                                                                                                                                                                          SHA-256:1B455928749E3FA51A9CC77A145E8B4DCA202EA71EF36BA80DEFCE30476329D9
                                                                                                                                                                          SHA-512:A87727A936D8FDD2A9E636B7F4470AC9BB911D972835130276FC26522A61C8BD31621C6E41653D4916151470558A42188E28BC74573B5484713D0179E06161EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//AFC878D4EEA1BAF07247E23665CE59E698D580CCAB718DF6E608074DDAE4529DBDC4FA41234D9EDD8C31F9132E5DC116DC41C6B22AB4D322A19315330381BB04++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):803
                                                                                                                                                                          Entropy (8bit):5.457116068891303
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLCU1ZanxqMghmh:7rrSOX8BC0Bj5dXEC0BjyKSPXnDCmh
                                                                                                                                                                          MD5:62FC9B1A76459A938CF523484ACD3D71
                                                                                                                                                                          SHA1:EC4A823C94D30DAF6F44C10B3F911F9DC3C36D72
                                                                                                                                                                          SHA-256:CE6C27A84437D9125409085561D28FF93DDA8DFD7D43520987B20D4C96A522DC
                                                                                                                                                                          SHA-512:7D680A571D7992AB37CAAE9E249A5A2A3DD90A2854A31D998492677CE3E7EA99784086101BBBB7CA6612014AD7F792103DD4D549C58BA73F6A6A407FE259F083
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//E04E6AC99547F41386BF9B5FE2D956F687FB85AE9689642B49AD5D35E825F8FA7FB1E94AD52C7ACDE0AFE8B827DF731489B4CCD17EFC2463524E4F80BBE6F14D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5377
                                                                                                                                                                          Entropy (8bit):5.641095543119768
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:WQVBazY8QxuorbT6roQ/CZwmBrqtXNMDUaGCrW+NlaVy98ZDcT7ek81qh:WQvaz3AumireG6HYVygDcTqh1G
                                                                                                                                                                          MD5:19B3AA71508DC95387C4E1EF9E037BB3
                                                                                                                                                                          SHA1:D446E27B6AF4D4222EB5AEE99E3B9863DE8CDC85
                                                                                                                                                                          SHA-256:261B1918501A029BD8AC4CCDCFC93AF069F3F79AF20657E68A17C238DB7C28B7
                                                                                                                                                                          SHA-512:2CD7FB984A63950E01A0AC5C8A81B755164F874404D58A8054F6CEDDA94C5E7E94D67135B992C2F2D365348C09C8972FA159B67B284408B6FDACCFB60803615B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Prob.h. skenov.n..",.. DL_SCANNING_MESSAGE: "Soubor, kter. chcete st.hnout, pro jistotu skenujeme.",.. DL_BLOCKED: "Zablokovan. stahovan. soubor",.. DL_SCANED: "Skenovan. stahovan. sooubor",.. SS_ON_STATE: "Bezpe.n. vyhled.v.n.",.. SS_FIX_MESSAGE: "V.born.! Tyto zm.ny provedeme p.i p...t.m restartov.n. prohl..e.e.",.. SS_OFF_STATE: "Je vy.adov.na akce.",.. SS_OFF_MESSAGE: "Upozorn.n.! Ka.d. des.t. hled.n. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "P.idejte k v.sledk.m hled.n. hodnocen. rizika",.. SS_OFF_DIALOG_CONTENT: "Ov..te bezpe.nost odkazu d..ve, ne. na n.j kliknete.",.. SS_SEARCH_OPTION: "Nastavit slu.bu Bezpe.n. hled.n. jako v.choz. vyhled.va.",.. THREAT_OFF_STATE: "V.straha zabezpe.en.!",.. THREAT_OFF_MESSAGE: "Po..ta. je vystaven hrozb.m, ale m..eme v.m pomoci.",.. AVFW_DIALOG_HEADER: "Antivirus a br.na fire

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5126
                                                                                                                                                                          Entropy (8bit):5.34166175614958
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:uZb3Bdp2fhG5TrVo8Ybuoo/tFCld/lwrYeCEUVlku/TzmV9S9hSFmUihKV:QCfhwrrYbuoG4Z+VchgmKV
                                                                                                                                                                          MD5:79FC174B1449981FA52792ACC4566681
                                                                                                                                                                          SHA1:BE4453DB3F3DACACC1979E3AF55E71878D269E12
                                                                                                                                                                          SHA-256:F4EB9444621C2524ED7D351297814DD1166CF56793F47402242315640D373402
                                                                                                                                                                          SHA-512:2B10F8C22863C76D66F226EE5C359BAADE8F85575867F5F12B56B5E9D1E7E7A134DF1532F13FFB71F75DB968A41B13C7790F3EF95B91882A895F665853029406
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanner .",.. DL_SCANNING_MESSAGE: "For en sikkerheds skyld scanner vi overf.rslen.",.. DL_BLOCKED: "Download blokeret",.. DL_SCANED: "Download scannet",.. SS_ON_STATE: "Sikker s.gning",.. SS_FIX_MESSAGE: "Fint. Vi foretager disse .ndringer, n.ste gang du genstarter browseren.",.. SS_OFF_STATE: "Der skal udf.res en handling.",.. SS_OFF_MESSAGE: "Advarsel: 1 ud af 10 s.gninger indeholder et farligt link.",.. SS_OFF_DIALOG_HEADER: "F.j risikobed.mmelser til dine s.geresultater",.. SS_OFF_DIALOG_CONTENT: "F. at vide, hvor farligt et link er, f.r du klikker p. det.",.. SS_SEARCH_OPTION: "Brug Sikker s.gning som standards.gemaskine",.. THREAT_OFF_STATE: "Sikkerhedsadvarsel",.. THREAT_OFF_MESSAGE: "Din computer er i fare, men vi kan hj.lpe.",.. AVFW_DIALOG_HEADER: "Antivirussoftwaren og firewallen er ikke sl.et til",.. AVFW_DIALOG_CONTENT: "Ca. 864 millioner stykker personlige oplysning

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5366
                                                                                                                                                                          Entropy (8bit):5.342945535147279
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:F20O91pUKtemTKjnkGzgUIzeRF9DQ8YMLOeaTkHzp1E9Cm6uUUZA:F29CKteQKjnkGzwzeRN8hA1EEtBaA
                                                                                                                                                                          MD5:582E51D1B634F961CD005FA07D631413
                                                                                                                                                                          SHA1:76DC23A47487555D7211222823F60866DE9AF3DC
                                                                                                                                                                          SHA-256:CB370D85C7844B2A7762D1FAA1A3FC265C15D60DB8A066A7C216270D4021AC03
                                                                                                                                                                          SHA-512:7E0366642F65F1D48E1569EC81CB382DAFF86AD2167D7F6FA5F1EE306A14D0147BE39385298E64E01B371F48BCB85057DA1796FCEEE5B1B44429F67DA3A65B81
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Wir scannen den Download zu Ihrer Sicherheit.",.. DL_BLOCKED: "Download blockiert",.. DL_SCANED: "Download gescannt",.. SS_ON_STATE: "Sichere Suche",.. SS_FIX_MESSAGE: "Sehr gut. Die .nderungen werden .bernommen, sobald Sie Ihren Browser das n.chste Mal starten.",.. SS_OFF_STATE: "Handlungsbedarf!",.. SS_OFF_MESSAGE: "Warnung! In 1 von 10 Suchergebnissen ist ein gef.hrlicher Link enthalten.",.. SS_OFF_DIALOG_HEADER: "Risikobewertung f.r Ihre Suchergebnisse hinzuf.gen",.. SS_OFF_DIALOG_CONTENT: "Erkennen Sie gef.hrliche Links, bevor Sie darauf klicken.",.. SS_SEARCH_OPTION: "Sichere Suche als Standardsuchmaschine festlegen",.. THREAT_OFF_STATE: "Sicherheitswarnung!",.. THREAT_OFF_MESSAGE: "Ihr Computer ist ungesch.tzt, aber wir k.nnen Ihnen helfen.",.. AVFW_DIALOG_HEADER: "Ihr Virenschutz und Ihre Firewall sind deaktiviert",.. AVFW_DIALOG_CONTENT: "Seit

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8385
                                                                                                                                                                          Entropy (8bit):4.965325304098503
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:BYz3hNXL4xrlON0pOqxptk2xgthUE6wfOhLQvTK:ULXUlObqTC2xgwmOhcvTK
                                                                                                                                                                          MD5:CAEE0E4BF0E9EE5AE6B55AB4865B11AA
                                                                                                                                                                          SHA1:869533109A2FE7F2F2B10A803D99944A27602236
                                                                                                                                                                          SHA-256:154C0A969BA4A31A249C07697101EF26D5692CEC115043A13DF90BB2243B7B3E
                                                                                                                                                                          SHA-512:6DEBE5D175E54DBB8DBC7F9F65AE4EA223D0E435BC7762B32BBFEDA1DDB9D088849B275000E05419B69C3453EC7BF2B99A98EA291AADC591E48B8E4AC69B810B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".........",.. DL_SCANNING_MESSAGE: "......... .. .... ... ... ...... ..........",.. DL_BLOCKED: ". .... ............",.. DL_SCANED: ". .... ........",.. SS_ON_STATE: "....... .........",.. SS_FIX_MESSAGE: "......! ..... .. ....... .. ........... ... ....... .... ... .. .............. .. ......... ...........",.. SS_OFF_STATE: ".......... .........",.. SS_OFF_MESSAGE: ".......! 1 .... 10 ........... ........ .......... .........",.. SS_OFF_DIALOG_HEADER: "........ ............. ........ ... ............ ..........",.. SS_OFF_DIALOG_CONTENT: "...... .... ........... ..... .... .........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4755
                                                                                                                                                                          Entropy (8bit):5.330213437300072
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:uU3x9/eMjflrS5xsyoBkXqLB+Qz/Q1wU9pYOosphMx:3x9Jjf2Kkm8GQ1NPjVqx
                                                                                                                                                                          MD5:D464C590EAA58D0D74502C46629A4B3E
                                                                                                                                                                          SHA1:880E2AC7F43D30E4691C96955376164A1A3E9C85
                                                                                                                                                                          SHA-256:FD21C09C996BD82D952D9F4DF60AF993921840311AC98F263BB9AE9F5047212D
                                                                                                                                                                          SHA-512:D4078BF1D859DA34E9386F1A390DDA19750C12FB8FCB6B8E3E393E2DFED7647D9FB9B673A8E3E5FB467C96BE48D1DF953CB1D9C6406E743651451443B9F9A6AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanning...",.. DL_SCANNING_MESSAGE: "We're scanning your download just to be safe.",.. DL_BLOCKED: "Download blocked",.. DL_SCANED: "Download scanned",.. SS_ON_STATE: "Secure Search",.. SS_FIX_MESSAGE: "Great! We'll make these changes the next time you restart your browser.",.. SS_OFF_STATE: "Action needed!",.. SS_OFF_MESSAGE: "Warning! 1 in 10 searches contain a dangerous link.",.. SS_OFF_DIALOG_HEADER: "Add risk ratings to your search results",.. SS_OFF_DIALOG_CONTENT: "Know how dangerous a link is before you click on it.",.. SS_SEARCH_OPTION: "Make Secure Search my default search engine",.. THREAT_OFF_STATE: "Security Alert!",.. THREAT_OFF_MESSAGE: "Your computer is exposed, but we can help.",.. AVFW_DIALOG_HEADER: "Your anti-virus and firewall are off",.. AVFW_DIALOG_CONTENT: "About 864 million personal data records have been compromised through data breaches since 2005.<br/><br/> Don't browse

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5193
                                                                                                                                                                          Entropy (8bit):5.30018704737383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:dRey5rMscODKKai5iihhi6VnRSyLK3yAEK9WOM0CKAXTs9:dUWr+ODhai5SknRSkNKPM0VP
                                                                                                                                                                          MD5:B794B207632AD4CBEF74E695A9AC82CD
                                                                                                                                                                          SHA1:3451678023A25CB3F94BE03F8B2EB14A69B1523C
                                                                                                                                                                          SHA-256:6EA61F211D5ED1C5EFBFA5585C1B3ABE8BEB42B4E349102B795A8EB50E4F0CD9
                                                                                                                                                                          SHA-512:E311960012E329A390183461C7522B5950940F6219A22EA1D2AB07C045C5EAAC62AF5A2758758D1B491E907F1D86FA00BFD604C6CBECA9A5FDF9241F72445741
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando...",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Genial! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Debe tomar medidas!",.. SS_OFF_MESSAGE: "Advertencia: 1 de cada 10 b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de sus b.squedas",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Definir B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Su equipo est. expuesto a riesgos, pero podemos ayudarle.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desactivado

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5216
                                                                                                                                                                          Entropy (8bit):5.317560654565851
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:zyErLx7VO33aiG/qshhi6VnRfylmDiP2QuyMLii9j0OsKbY7:zXrXO33aiiMknRfyp/Haiitfz87
                                                                                                                                                                          MD5:B928738E0F210A88173A518E7CD21352
                                                                                                                                                                          SHA1:5124FC124D459481C889F0F7B8E2D53C5453C8B7
                                                                                                                                                                          SHA-256:CE02DBA270472727C12B273CE27B967744FFD9AE5220C045BBF6B3C84683CAE6
                                                                                                                                                                          SHA-512:15BCA76C6709490DE139D09CE4ED520FB0A4DBF0AED11778622D83D39722CFE7B6C92740DC81BF601B77328FBEEC3B56B58E796BF66189F9E6AC2B3A03F125E7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando.",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Excelente! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Se requiere acci.n!",.. SS_OFF_MESSAGE: ".Advertencia! Una de cada diez b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de la b.squeda",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Establezca B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Tu computadora est. expuesta, pero podemos ayudarte.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desac

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4959
                                                                                                                                                                          Entropy (8bit):5.317878966620111
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5ZZ4vNUD1ns7pqxqkRKk/eFt+2jiLRQoYWzZ0pu96M1ckY:PZ4vNlq4kRKkGSRcpuw4s
                                                                                                                                                                          MD5:4B49DB5828AC292E3F4126918B7567D4
                                                                                                                                                                          SHA1:B5793159E583B314019086E7226818E9E250D14F
                                                                                                                                                                          SHA-256:8F1C0F2B67B88DE8CDE93E533A89E8D8D576149D8F0C5C766935354D84A5B869
                                                                                                                                                                          SHA-512:F744355F146F7096583C4579ABB739005167A1513796E1FA69ABA4CF483AF302283D246A5732582F4BFAC6C99624E4BFE73CCCC44ACF1606EAFF21B6EB95B226
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Tarkistetaan.",.. DL_SCANNING_MESSAGE: "Lataamasi tiedosto tarkistetaan varmuuden vuoksi.",.. DL_BLOCKED: "Lataus estetty",.. DL_SCANED: "Lataus tarkistettu",.. SS_ON_STATE: "Suojattu haku",.. SS_FIX_MESSAGE: "Hienoa! Muutokset tulevat voimaan, kun seuraavan kerran k.ynnist.t selaimen.",.. SS_OFF_STATE: "Toimia vaaditaan!",.. SS_OFF_MESSAGE: "Varoitus! Joka kymmenes haku tuottaa vaarallisen linkin.",.. SS_OFF_DIALOG_HEADER: "Lis.. hakutuloksiin riskiluokitus",.. SS_OFF_DIALOG_CONTENT: "Luokituksen avulla n.et ennen linkin napsauttamista, onko se vaarallinen.",.. SS_SEARCH_OPTION: "Aseta Suojattu haku oletushakukoneeksi",.. THREAT_OFF_STATE: "Tietoturvavaroitus!",.. THREAT_OFF_MESSAGE: "Tietokoneesi on alttiina uhille, mutta voimme auttaa.",.. AVFW_DIALOG_HEADER: "Viruksentorjunta ja palomuuri ovat pois k.yt.st.",.. AVFW_DIALOG_CONTENT: "Noin 864 miljoonaa yksityist. datatietuetta on jout

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5692
                                                                                                                                                                          Entropy (8bit):5.302908789339375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:0MxyhGiDkpQQrrENOqplZuFfrYnWv6HScq48Ky6o9Q+W55fTsujG:0ZhGVQQrrENOqYIH2V6o/W5a
                                                                                                                                                                          MD5:336E2EA07CD3577F75620D2976563A07
                                                                                                                                                                          SHA1:BF98A5000A7535254DC436CCBBD4B2E9379E8FC7
                                                                                                                                                                          SHA-256:C5166CFA2CCD93C23FE690740354032ACC1335886684457AE2D87278D0C7E101
                                                                                                                                                                          SHA-512:0C94DE545128DFDFCA6DCF6BAC83F8D72C2841C321C23FEE77A4F50F0B8CB85F30E36FE929E060FB6CC59DEC81436C55D027ADC2C385152F56FA0BFF56622144
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Nous analysons votre t.l.chargement par simple mesure de s.curit..",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien! Nous appliquerons ces modifications la prochaine fois que vous red.marrerez votre navigateur.",.. SS_OFF_STATE: "Intervention requise!",.. SS_OFF_MESSAGE: "Attention! 1.r.sultat de recherche sur 10 comporte un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajoutez des cotes de risque . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Connaissez le niveau de dangerosit. d'un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "Ajoutez Recherche s.curis.e . mon moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit.!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est vuln.rable, mais nous pouvons vous aider.",.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5621
                                                                                                                                                                          Entropy (8bit):5.318278974154098
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:yp99a4ffmtaCS1mELq47byJXGUmytipUS22d9h+/ijfTEQY:yXAaCpELq4Fr2c/2ijY
                                                                                                                                                                          MD5:146272CD85FECAB892122F01C0D3690D
                                                                                                                                                                          SHA1:E4457EFAC92906A8B36D041F30468729BAA368B7
                                                                                                                                                                          SHA-256:1F4317974E332E9E2482D5355E46237A491BBAFF4E614D771A4E14FDF9E11DC0
                                                                                                                                                                          SHA-512:F1EDAAC5A80DABDCFB707F54EB8B9B54D5C83A1EF237E3014302763EA2E034742FF0F871097AF759C48F25550DB9BC52FFA79A00F0A68903604049A3BA49BEC7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Par pr.caution, nous analysons votre t.l.chargement.",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien. Nous effectuerons ces modifications au prochain red.marrage de votre navigateur.",.. SS_OFF_STATE: "Mesure . prendre.",.. SS_OFF_MESSAGE: "Attention.! Une recherche sur dix contient un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajouter l'.valuation des risques . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Prenez connaissance du danger que repr.sente un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "D.finir la recherche s.curis.e comme moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit..!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est expos. aux menaces, mais nous pouvons vous aider.",.. AVFW_DIAL

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5041
                                                                                                                                                                          Entropy (8bit):5.416211301758333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:W82DDbczNyMnf3MeFH+JDxk/zay9SIhFO8DF84sSbuoU0zDub9FONkd3V/oWRT:W34zwMfceFHSDxa1FcZbLONslgGT
                                                                                                                                                                          MD5:D3A0326AD337FA5B081C7AFF4E4BDFB4
                                                                                                                                                                          SHA1:4793AC98638429A732C67E6ED7D15004633F70CD
                                                                                                                                                                          SHA-256:7EC80830E9514A585DF452A683B44569EA1CE3EBB0EFF141871E51E438F26710
                                                                                                                                                                          SHA-512:1DE5CEEC1626769A89ECE44460328E2A68B313B9D0536C9E61AEFD1C5EA352B97C78ADF45B1DF3694E8B255ECEBF3F7F4270D71D838F1861908AF0D6B67979AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Pregled...",.. DL_SCANNING_MESSAGE: "Pregledavamo va.e preuzimanje za svaki slu.aj.",.. DL_BLOCKED: "Preuzimanje je blokirano",.. DL_SCANED: "Preuzimanje je pregledano",.. SS_ON_STATE: "Sigurno pretra.ivanje",.. SS_FIX_MESSAGE: "Sjajno! Ove .emo promjene uvesti sljede.i put kada ponovno pokrenete preglednik.",.. SS_OFF_STATE: "Potrebna je akcija!",.. SS_OFF_MESSAGE: "Upozorenje! 1 od 10 pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocjenu rizika rezultatima pretra.ivanja",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je veza opasna prije nego .to kliknete na nju.",.. SS_SEARCH_OPTION: "Postavi Sigurno pretra.ivanje kao zadanu tra.ilicu",.. THREAT_OFF_STATE: "Sigurnosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va.e je ra.unalo izlo.eno, ali mo.emo vam pomo.i.",.. AVFW_DIALOG_HEADER: "Isklju.eni su antivirusna za.tita i vatrozid",.. AVFW_DIALOG_CONTENT: "Oko 864 milijuna z

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5401
                                                                                                                                                                          Entropy (8bit):5.531960464670316
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cDlYr1MDbtVqXiZgRRGXtsXPG8sZT15INx7h6X9mwu9Dvymc+cE0AHmt:hZYHqXiL8y5WzN6gwuBKmzP5Hmt
                                                                                                                                                                          MD5:2F948E205E01DBA3E5E52FC66516A421
                                                                                                                                                                          SHA1:FA3DABAEBC4CCB2283993086BD537FFDEC6F20E5
                                                                                                                                                                          SHA-256:2B5609EE8D4A5748963DED07B9E4BACD925BF41BE2BF5BD4A2388BD34CF7C245
                                                                                                                                                                          SHA-512:B5A9B2C12A6EA6B0BBA28EC1A19A3C79A30A45A0FF965CBC61C1F4542EFF809B54337066E764684BFF724D961CC330CF1F35919B2C80EE79147D8BE374C6FB8C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Vizsg.lat...",.. DL_SCANNING_MESSAGE: "Biztons.ga .rdek.ben .tvizsg.ljuk a let.lt.tt f.jlt.",.. DL_BLOCKED: "Blokkolt let.lt.s",.. DL_SCANED: "Megvizsg.lt let.lt.s",.. SS_ON_STATE: "Biztons.gos keres.s",.. SS_FIX_MESSAGE: "Rendben. A b.ng.sz. k.vetkez. .jraind.t.sakor v.grehajtjuk ezeket a m.dos.t.sokat.",.. SS_OFF_STATE: "Beavatkoz.sra van sz.ks.g!",.. SS_OFF_MESSAGE: "Figyelem! Minden tizedik keres.s vesz.lyes hivatkoz.st tartalmaz.",.. SS_OFF_DIALOG_HEADER: "Vesz.lyess.gi besorol.sok megjelen.t.se a keres.si eredm.nyek mellett",.. SS_OFF_DIALOG_CONTENT: "Ismerje meg a hivatkoz.s vesz.lyess.gi besorol.s.t, miel.tt r.kattintana.",.. SS_SEARCH_OPTION: "A biztons.gos keres.s legyen az alap.rtelmezett keres.motor",.. THREAT_OFF_STATE: "Biztons.gi riaszt.s!",.. THREAT_OFF_MESSAGE: "Sz.m.t.g.pe sebezhet., de seg.thet.nk.",.. AVFW_DIALOG_HEADER:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5110
                                                                                                                                                                          Entropy (8bit):5.2250614647799924
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ZDrBAuuEnhYJMxwmH77265IcUNspZPBDNMTix+wwyHTd9H7pmC2z/xR:drLnhYJ2wmHf2MIcUYQw1HJR74FxR
                                                                                                                                                                          MD5:613F88C68D2809F97F9FD6F87DB97F02
                                                                                                                                                                          SHA1:C0E86B3D76F630487A6A0C73DD1D49406D206EFF
                                                                                                                                                                          SHA-256:6F44EBC3163E3EFD327E2C5022102EF7EE733C309E6A21D885192A2FC111D9E1
                                                                                                                                                                          SHA-512:F4EBC8EE49D8FA677F8398F24121D0962E4DA78B53F8CBFF1B10A7B20AD4218B085EF9517DD15869AA4EB554A53DC8E49E663FAFD60CA2871151527E3BBC030F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scansione in corso...",.. DL_SCANNING_MESSAGE: "Stiamo eseguendo la scansione dei download per verificare che siano sicuri.",.. DL_BLOCKED: "Download bloccato",.. DL_SCANED: "Download scansionato",.. SS_ON_STATE: "Ricerca sicura",.. SS_FIX_MESSAGE: "Perfetto! Apporteremo queste modifiche al riavvio del browser.",.. SS_OFF_STATE: "Intervento richiesto.",.. SS_OFF_MESSAGE: "Avviso. 1 ricerca su 10 contiene link pericolosi.",.. SS_OFF_DIALOG_HEADER: "Aggiungi le classificazioni dei rischi ai risultati di ricerca",.. SS_OFF_DIALOG_CONTENT: "Conosci la pericolosit. di un link prima di accedervi.",.. SS_SEARCH_OPTION: "Imposta la ricerca sicura come motore di ricerca predefinito",.. THREAT_OFF_STATE: "Avviso di sicurezza.",.. THREAT_OFF_MESSAGE: "Il computer . esposto a rischi, ma possiamo aiutarti.",.. AVFW_DIALOG_HEADER: "Antivirus e firewall sono disattivati",.. AVFW_DIALOG_CONTENT: "Dal 2005, circa

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6573
                                                                                                                                                                          Entropy (8bit):5.7257577861051265
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:NTUsvaiozLJ9h9yY4smsT7h0O71Kw1JFe:esv4J9HyY4smsT7h0O7PvE
                                                                                                                                                                          MD5:7970DCCF2A75017322A8A0D30FB86AA3
                                                                                                                                                                          SHA1:468EEDB0167833CCB3095D10DA3CD4E6C6174B67
                                                                                                                                                                          SHA-256:1042DD9E402EA14B9E210736B6CC829E1A0C27644F12EBF824D73711BCE64F8E
                                                                                                                                                                          SHA-512:A86B6F3086E17A8F8CAD0B011540700A9D28E9C28B8E8273996E6D2017D78188F14F49A402236393BF9E7799F2BC3D2BD64AEA83BE9AF3E009771DCA406254F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "........",.. DL_SCANNING_MESSAGE: "..................................",.. DL_BLOCKED: ".............",.. DL_SCANED: "............",.. SS_ON_STATE: ".....",.. SS_FIX_MESSAGE: "....................................",.. SS_OFF_STATE: "..........!",.. SS_OFF_MESSAGE: "... 10 .. 1 ......................",.. SS_OFF_DIALOG_HEADER: "...................",.. SS_OFF_DIALOG_CONTENT: "..........................",.. SS_SEARCH_OPTION: ".......................",.. THREAT_OFF_STATE: ".........",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5497
                                                                                                                                                                          Entropy (8bit):5.847978360180218
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:A4T4OfEAmKkUvLS/fDa8s9If8LNaSkXLwjk2XEgvR6z0O739OBqKkLHtNi:Bff7Jk3a8iNaSEKtODYBqKoNNi
                                                                                                                                                                          MD5:7B107B89F270CDFBE68D065104D3410E
                                                                                                                                                                          SHA1:15FECC05C253ADEE9973A583E743CF4D6026811B
                                                                                                                                                                          SHA-256:5C885A2108E53417E3C33FD28CC32C1EC83EBCCA64E5D043C330628AB6DAC447
                                                                                                                                                                          SHA-512:3E46BED37CA260521BE6F084EA14B3D2878A70315B0BA80DC8C28A1BF87AB1C2D85FF3CAAC4096CA2626E38F4185DEAA10817636EC91DA98094380377128181A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".. ....",.. DL_SCANNING_MESSAGE: "... .. ..... .. .....",.. DL_BLOCKED: "... ....",.. DL_SCANED: "... ....",.. SS_ON_STATE: ".. ..",.. SS_FIX_MESSAGE: "....! ..... .. .... .. ... ......",.. SS_OFF_STATE: "... .....!",.. SS_OFF_MESSAGE: "..! .. .. ... ... ... ... .. 1/10....",.. SS_OFF_DIALOG_HEADER: ".. ... .. ... .......",.. SS_OFF_DIALOG_CONTENT: ".... .. ... .... .. .......",.. SS_SEARCH_OPTION: ".. ... .. .. .... ..",.. THREAT_OFF_STATE: ".. .....!",.. THREAT_OFF_MESSAGE: "... .... ...... McAfee. .... . .....",.. AVFW_DIALOG_HEADER: "...... .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4937
                                                                                                                                                                          Entropy (8bit):5.338664370900008
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:iith6b8IIs/ySd0vgZwxwud8eWgwbYeCCVKduaN3z559JBhoAsUnxUbE:J36nR1swuD8boN951hvsUnxYE
                                                                                                                                                                          MD5:908B64646BE9EA860FF28CA62CEA259D
                                                                                                                                                                          SHA1:511549293C2C332C506E1518C0BE2DBEA3D99C46
                                                                                                                                                                          SHA-256:EE6AA51B79C56B237DBD65BD2DD0A364A219294D178CC7293921543EEAD327D0
                                                                                                                                                                          SHA-512:BD7D9055FE87817B3D32383C3E245CD02BFD42EA6925A443B273ADCEA69806807AA0944A65DCD384044C60D8327DA51B3803C369625CA6CAEB7FEB12F52C6A0F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanner..",.. DL_SCANNING_MESSAGE: "Vi skanner nedlastingen for . v.re p. den sikre siden.",.. DL_BLOCKED: "Nedlasting blokkert",.. DL_SCANED: "Nedlasting skannet",.. SS_ON_STATE: "Sikkert s.k",.. SS_FIX_MESSAGE: "Flott! Vi skal gj.re disse endringene neste gang du starter nettleseren.",.. SS_OFF_STATE: "Handling kreves!",.. SS_OFF_MESSAGE: "Advarsel! 1 av 10 s.k inneholder en farlig kobling.",.. SS_OFF_DIALOG_HEADER: "Legg til risikovurderinger i s.keresultatene",.. SS_OFF_DIALOG_CONTENT: "Vit hvor farlig en kobling er, f.r du klikker p. den.",.. SS_SEARCH_OPTION: "Gj.re Sikkert s.k til standard s.kemotor",.. THREAT_OFF_STATE: "Sikkerhetsvarsel!",.. THREAT_OFF_MESSAGE: "Datamaskinen din er eksponert, men vi kan hjelpe deg.",.. AVFW_DIALOG_HEADER: "Antivirusbeskyttelsen og brannmuren er av",.. AVFW_DIALOG_CONTENT: "Omkring 864 millioner oppf.ringer med personopplysninger har havnet

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5046
                                                                                                                                                                          Entropy (8bit):5.29923659608503
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:IHFRCH1qpecUFhzJizV+kE1XGwRZYzg0u0Qu2OOkMCJuzXvu9odS+daUmh4:IHFRCVqpAFh4zV+kol56Q1EJ2vufCaL4
                                                                                                                                                                          MD5:0A0CD532F6553B3D545538405118FE96
                                                                                                                                                                          SHA1:6D0D4723131FE762BF5F8385AA943FA6AB4EF500
                                                                                                                                                                          SHA-256:1DFA69BA967AB4ADF08C4440523CAC4B9430227A7668A0A1AA0FC333775E16EA
                                                                                                                                                                          SHA-512:6A423AFA53F6A3EE7D9C1DC7CC89C26E9A9AD676D93DBD99C1FCD395A1B4B7A5AD92DD510F31B1AF48B1BC9787443B211FAD4F0E2285F827DE12EAE5349E8EB8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Uw download wordt voor de veiligheid gescand.",.. DL_BLOCKED: "Download geblokkeerd",.. DL_SCANED: "Download gescand",.. SS_ON_STATE: "Beveiligd zoeken",.. SS_FIX_MESSAGE: "Fantastisch! Deze wijzigingen worden ge.mplementeerd wanneer u uw browser de volgende keer opnieuw start.",.. SS_OFF_STATE: "Actie vereist!",.. SS_OFF_MESSAGE: "Waarschuwing! 1 op de 10 zoekopdrachten bevat een gevaarlijke link.",.. SS_OFF_DIALOG_HEADER: "Voeg risicoclassificaties toe aan uw zoekresultaten",.. SS_OFF_DIALOG_CONTENT: "Weet hoe gevaarlijk een koppeling is voordat u erop klikt.",.. SS_SEARCH_OPTION: "Maak Beveiligd zoeken mijn standaardzoekmachine",.. THREAT_OFF_STATE: "Beveiligingswaarschuwing!",.. THREAT_OFF_MESSAGE: "Uw computer is blootgesteld, maar wij kunnen u helpen.",.. AVFW_DIALOG_HEADER: "Uw antivirus en firewall zijn uitgeschakeld",.. AVFW_DIALOG_CONTENT: "Sinds 2005

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5241
                                                                                                                                                                          Entropy (8bit):5.554898483368969
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:qUIwsXVPIcXdt1qJZHybN1qfWl9my9bpE3TiYv5YTKSjzxj4dsd9DFsxee7G6T9:q1wsXVgcHoZHu2OlqukURj4di5te7F
                                                                                                                                                                          MD5:36A6295576043C8E8265AE0B293F0278
                                                                                                                                                                          SHA1:71C85F04D2BB8A6EB4E1A44DFE0694E8D4CF9784
                                                                                                                                                                          SHA-256:F2A53E12CD5B1E7F5414C7BA50BE1C0E194FF8B24F441468F7B2DBE34F992F0A
                                                                                                                                                                          SHA-512:34E00B00652F486EE4618B7268E7DA31DF4B122983FF80DC6C9FAA3EE6A05FD1AECBD63F178BD739C11A5BF6261606D3EA29A93C9828B1CBD55473CA8DAC280F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanowanie...",.. DL_SCANNING_MESSAGE: "Na wszelki wypadek skanujemy pobierany plik.",.. DL_BLOCKED: "Pobieranie zablokowane",.. DL_SCANED: "Pobieranie przeskanowane",.. SS_ON_STATE: "Bezpieczne wyszukiwanie",.. SS_FIX_MESSAGE: ".wietnie. Zmiany zostan. wprowadzone po ponownym uruchomieniu przegl.darki.",.. SS_OFF_STATE: "Wymagane dzia.anie.",.. SS_OFF_MESSAGE: "Uwaga! 1 na 10 wyszukiwa. zawiera niebezpieczne ..cze.",.. SS_OFF_DIALOG_HEADER: "Dodaj oceny ..czy w wynikach wyszukiwania.",.. SS_OFF_DIALOG_CONTENT: "Dowiedz si., czy ..cze jest niebezpieczne, zanim je klikniesz.",.. SS_SEARCH_OPTION: "Ustaw Bezpieczne wyszukiwanie jako domy.ln. wyszukiwark.",.. THREAT_OFF_STATE: "Alert zabezpiecze.!",.. THREAT_OFF_MESSAGE: "Komputer jest nara.ony na zagro.enia, ale mo.emy Ci pom.c.",.. AVFW_DIALOG_HEADER: "Antywirus i zapora s. wy..czone.",.. AVFW_DIALOG_CONTENT: "Od 2005 r. bezpi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5076
                                                                                                                                                                          Entropy (8bit):5.3456641309639785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:hzqsY64tGeMe1EjJDQYz8VMntBYv4tBg9Wq90QuG:hWnjE7e1iJl44BgD9Z
                                                                                                                                                                          MD5:29C37461266F5EC54C912892D7DEA5BB
                                                                                                                                                                          SHA1:2027257CCEA215C5B26AC43556313A869ED9793F
                                                                                                                                                                          SHA-256:2D6742EFC60C9F941DD63D606C67415F98352F626DE4DCC21F9AD906C0634E65
                                                                                                                                                                          SHA-512:4184F473F42C1A5F255E755566B64F010B86D144D033DB6A2291DAD22967A2CE4F9954AE9CBD4FEA25DA25A2AC19A66A39AF7858D0C721C7B4668AB74A072E3A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Varrendo...",.. DL_SCANNING_MESSAGE: "Estamos varrendo o seu download apenas por seguran.a.",.. DL_BLOCKED: "Download bloqueado",.. DL_SCANED: "Downloads varridos",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: "Excelente! Implementaremos essas mudan.as na pr.xima vez que voc. reiniciar o navegador.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aviso! 1 em 10 pesquisas cont.m um link perigoso.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Saiba qu.o perigoso . um link antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa segura meu mecanismo de pesquisa padr.o",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "Seu computador est. exposto, mas podemos ajud.-lo.",.. AVFW_DIALOG_HEADER: "Seu antiv.rus e sua firewall est.o desativados",.. AVFW_DIALOG_CONTENT: "Cerca de 864

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5194
                                                                                                                                                                          Entropy (8bit):5.346110251487307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:L60E2K+GRZAEbZoyh5Mj+WkfVptFa9GqDXyImC:L6SKhDAmlk+bVLFaXDz
                                                                                                                                                                          MD5:74A1FEF9FD994E5C29BCD75A5D10A1FE
                                                                                                                                                                          SHA1:0405794450F059415289FA709D1EAC5798F4D893
                                                                                                                                                                          SHA-256:67137ADF5237EAF8D9676D1076FF52875F65F98EC0FE91930B3AD1D79B063F76
                                                                                                                                                                          SHA-512:C4F7A61292BAED702B1536E1D74791F8B6BE89F9D3886A2579DFF3B76667795DCCD001B2724658D822C09007500815B8BB05B3EE8BD9B26DDBE1A397D2E8CD41
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "A analisar...",.. DL_SCANNING_MESSAGE: "Estamos a analisar a sua transfer.ncia para garantir a m.xima seguran.a.",.. DL_BLOCKED: "Transfer.ncia bloqueada",.. DL_SCANED: "Transfer.ncia analisada",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: ".timo! Aplicaremos esta altera..es quando reiniciar o browser.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aten..o! 1 em cada 10 pesquisas cont.m uma liga..o perigosa.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Conhe.a o n.vel de perigo de uma liga..o antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa Segura o meu motor de pesquisa predefinido",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "O seu computador est. desprotegido, mas podemos ajudar.",.. AVFW_DIALOG_HEADER: "O seu antiv.rus e firewall est.o desativados",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7499
                                                                                                                                                                          Entropy (8bit):5.002826493531936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:J8/c1QuytDV2s488V+TtWHkWUIU9RyVto:J8/c1Qu+DwgWlUf9AVm
                                                                                                                                                                          MD5:0B00B4F1DF53D7869D97AE55F5FD9F30
                                                                                                                                                                          SHA1:B9828063943585D69A78C0A5163816F9749882C3
                                                                                                                                                                          SHA-256:2D41BB850FEE8E3AF133D204ED946BA2383888017AE50326F2BA716F390DADD7
                                                                                                                                                                          SHA-512:1E21CB4033310B38CEF36FC18A5D10ED6A251F47EF5EBDD40C4E2777125E32E90AABCFDD10D6E2EE69CBA583C8400E498B40A64BDAAA93CCF5DD9C5D9F837015
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "...........",.. DL_SCANNING_MESSAGE: "........... ............ .........",.. DL_BLOCKED: "............. ........:",.. DL_SCANED: "......... ........:",.. SS_ON_STATE: ".......... .....",.. SS_FIX_MESSAGE: ".......! ......... ..... ....... ... ......... ........... .........",.. SS_OFF_STATE: "......... ........!",.. SS_OFF_MESSAGE: "......... . ........... ....... ........ ...... .... ....... .......",.. SS_OFF_DIALOG_HEADER: "........ ....... ..... . .......... ......",.. SS_OFF_DIALOG_CONTENT: "..... ......... .. ...... ......., ......... ... .......",.. SS_SEARCH_OPTION: "....... ........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5398
                                                                                                                                                                          Entropy (8bit):5.643833908825308
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:jTm1b9h9okCKuoXx9byC6n+Ih6hXV7ILNadt6rDSczFk9HVXrfj6n:jTob/9SKuqbyC6nYhScSicBk5Bfj6n
                                                                                                                                                                          MD5:3655FD9C38BBE8F3A1FFD73062DD9FE2
                                                                                                                                                                          SHA1:B40F7125588BD8A3196840F93B683A54FF6651FF
                                                                                                                                                                          SHA-256:9CF3E0F6E0E4CF5CD638AB02AD388B9234F7ED4FF2FAFDE45CCE62A69D1ACBB1
                                                                                                                                                                          SHA-512:7498900E9B263C2AC9F48162B99F3191F16F8E936D074E91A62CCA9B961F2753DE3F8EB4CB91E8F49C9388E69C9ED1814D25C4E63B88BEF6715B3E5F9760ED17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Kontroluje sa...",.. DL_SCANNING_MESSAGE: "Stiahnut. s.bor sa kontroluje, len pre istotu.",.. DL_BLOCKED: "S.ahovan. s.bor bol zablokovan.",.. DL_SCANED: "S.ahovan. s.bor bol skontrolovan.",.. SS_ON_STATE: "Zabezpe.en. vyh.ad.vanie",.. SS_FIX_MESSAGE: "Skvel.! Zmeny sa uskuto.nia pri najbli..om re.tartovan. prehliada.a.",.. SS_OFF_STATE: "Treba kona.!",.. SS_OFF_MESSAGE: "Upozornenie: 1 z 10 vyh.ad.van. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "Pridanie hodnoten. rizika k v.sledkom vyh.ad.vania",.. SS_OFF_DIALOG_CONTENT: "Sk.r ne. kliknete na prepojenie, mali by ste vedie., .i je nebezpe.n..",.. SS_SEARCH_OPTION: "Nastavi. slu.bu Zabezpe.en. vyh.ad.vanie ako predvolen. vyh.ad.vac. n.stroj",.. THREAT_OFF_STATE: "Upozornenie zabezpe.enia:",.. THREAT_OFF_MESSAGE: "V.. po..ta. je v.ohrozen., ale m..eme v.m pom.c..",.. AVFW_DIALOG_HEA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5115
                                                                                                                                                                          Entropy (8bit):5.416583517368563
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:a7um49Rmkzg/G5dK+J8tkaUnSlBS2DFA4s+roJGEUuzvYb9NKNvt3w/yTK:3VNzgOWS8ttFFV/b3KNlgqTK
                                                                                                                                                                          MD5:1256512BE1EFBDC68E879DC97D4FA564
                                                                                                                                                                          SHA1:DB86F80BA7CDFC48EE4D69745258CB2C197814E7
                                                                                                                                                                          SHA-256:46A31754958D949387AFB60C5E454C797D0958A58965C7E429C528F140A7C42C
                                                                                                                                                                          SHA-512:1195A75953C0A3031C37EEB33441057AC3689CD108EC29B25A024C90B9EB64E6A90309A8A6C12A722E149C88A356AADB48D17AE37D741149290DB0A5A0052ECA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skeniranje...",.. DL_SCANNING_MESSAGE: "Skeniramo preuzeti sadr.aj radi va.e bezbednosti.",.. DL_BLOCKED: "Blokirano preuzimanje",.. DL_SCANED: "skeniranje preuzimanja",.. SS_ON_STATE: "Bezbedna pretraga",.. SS_FIX_MESSAGE: "Odli.no! Ove izmene .e biti unete kada slede.i put pokrenete pregleda..",.. SS_OFF_STATE: "Potrebno je preduzeti odre.ene korake!",.. SS_OFF_MESSAGE: "Upozorenje! Svaka deseta pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocene rizika u rezultate pretrage",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je neka veza opasna pre nego .to kliknete na nju.",.. SS_SEARCH_OPTION: ".elim da bezbedna pretraga bude moj podrazumevani pretra.iva.",.. THREAT_OFF_STATE: "Bezbednosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va. ra.unar je izlo.en pretnjama, ali mi vam mo.emo pomo.i.",.. AVFW_DIALOG_HEADER: "Antivirusni program i za.titni zid su isklju.eni",.. AVFW

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4882
                                                                                                                                                                          Entropy (8bit):5.406741594701944
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:fl+hIZSmigy7tw5va0ZPYVhH9lSIkMKJU9xIGRQtVRW:d+hIZC7twtn8HQJJUQGRIW
                                                                                                                                                                          MD5:ED90CCC22D94259863411386C6DE31D9
                                                                                                                                                                          SHA1:5215A30E75B0B24B1C346FDE2E1841A85FA16F4D
                                                                                                                                                                          SHA-256:C014BF7588A24566A02ADC04E7BC656CAA655F374E61AE97C4A4C581716F660E
                                                                                                                                                                          SHA-512:1A377928F0DE59F1999D0745412C6786C06471A29E32892DC52C43748513A80BF269E343177CD686C56E62DF9B4F6C6824D2F4F21A35E91F0044B1BA1CA275C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Genoms.ker...",.. DL_SCANNING_MESSAGE: "Vi genoms.ker h.mtningen f.r s.kerhets skull.",.. DL_BLOCKED: "H.mtning blockerad",.. DL_SCANED: "H.mtning genoms.kt",.. SS_ON_STATE: "S.ker s.kning",.. SS_FIX_MESSAGE: "Perfekt. Vi utf.r .ndringarna n.sta g.ng du startar om din webbl.sare.",.. SS_OFF_STATE: ".tg.rd kr.vs!",.. SS_OFF_MESSAGE: "Varning! 1 av 10 s.kningar inneh.ller en farlig l.nk.",.. SS_OFF_DIALOG_HEADER: "L.gg till riskklassificering i dina s.kresultat",.. SS_OFF_DIALOG_CONTENT: "Du f.r veta hur farlig en l.nk .r innan du klickar p. den.",.. SS_SEARCH_OPTION: "V.lj S.ker s.kning som standardalternativ f.r s.kmotorer",.. THREAT_OFF_STATE: "S.kerhetsvarning!",.. THREAT_OFF_MESSAGE: "Datorn .r utsatt f.r risk, men vi kan hj.lpa till.",.. AVFW_DIALOG_HEADER: "Antivirus och brandv.ggen .r inaktiverade",.. AVFW_DIALOG_CONTENT: "Cirka 864 miljoner personliga da

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5273
                                                                                                                                                                          Entropy (8bit):5.486084661941598
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:THxCtJRQDY8NoBGZOpo/n2ovqXm/IwjfdZ1zT4x9hEKHCnAzvjUB:7xCtANoBGnR/TdZJ4xEsvU
                                                                                                                                                                          MD5:16DD9886CC8A8E2D47F02CF6B5963C3F
                                                                                                                                                                          SHA1:B05E5AF94B50984FC4BF4285FA3D61CB3ABA881E
                                                                                                                                                                          SHA-256:4F35D4163571622E74B655567B6AA0A3716D2DAC09653F57C873504BFFCD8B90
                                                                                                                                                                          SHA-512:7C8A194D5ACFA94ADAA7B3C5C3F45A40E13EA1515D2D105774E759630263472EA96962F741440CCFA896184DC42786420DB8109F5EE7E6535377C0948EED3DBD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Taran.yor...",.. DL_SCANNING_MESSAGE: "Her ihtimale kar.. indirmenizi tar.yoruz.",.. DL_BLOCKED: ".ndirme engellendi",.. DL_SCANED: ".ndirme tarand.",.. SS_ON_STATE: "G.venli Arama",.. SS_FIX_MESSAGE: "Harika! Taray.c.y. bir sonraki sefer ba.latt...n.zda bu de.i.iklikleri uygulayaca..z.",.. SS_OFF_STATE: "Eylem gerekli!",.. SS_OFF_MESSAGE: "Dikkat! 10 aramadan biri tehlikeli ba.lant. i.erir.",.. SS_OFF_DIALOG_HEADER: "Arama sonu.lar.n.za risk de.erlendirmeleri ekleyin",.. SS_OFF_DIALOG_CONTENT: "T.klamadan .nce bir ba.lant.n.n ne kadar tehlikeli oldu.unu bilin.",.. SS_SEARCH_OPTION: "G.venli Arama'y. varsay.lan arama motorum yap",.. THREAT_OFF_STATE: "G.venlik Uyar.s.!",.. THREAT_OFF_MESSAGE: "Bilgisayar.n.z savunmas.z ancak size yard.mc. olabiliriz.",.. AVFW_DIALOG_HEADER: "Vir.sten koruma ve g.venlik duvar. kapal.",.. AVFW_DIALOG_CONTENT: "2005'ten

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4673
                                                                                                                                                                          Entropy (8bit):6.276205522230196
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:THIWI0hyh/2vKsPMP0VIQUuGOPpBM9Yc81vzNcS:T5Qh/Yq9joBMGz1p3
                                                                                                                                                                          MD5:E66D37AAB885C74B33FD5071D791AE2E
                                                                                                                                                                          SHA1:339AD07D34524474667AF8E6986BEECE43EA4521
                                                                                                                                                                          SHA-256:632988C5A468576BECF2BC1C48EF2BDD22CA44B64001A7BB8273E36F5E2C46F6
                                                                                                                                                                          SHA-512:61BCC0A4989CD0A290CBF78A05144781DFFCA7695E77D1151446CF4DAB2470275764A48CFE203990EC4474268810773FF1242EEABA7AA74293200BDAE0ED8ECB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..................",.. DL_BLOCKED: "......",.. DL_SCANED: "......",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: "...! ....................",.. SS_OFF_STATE: "....!",.. SS_OFF_MESSAGE: "...1/10 ............",.. SS_OFF_DIALOG_HEADER: "...........",.. SS_OFF_DIALOG_CONTENT: "...................",.. SS_SEARCH_OPTION: ".............",.. THREAT_OFF_STATE: ".....",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "............",.. AVFW_DIALOG_CONTENT: ". 2005 ....... 8.64 ..................<br/

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4704
                                                                                                                                                                          Entropy (8bit):6.287282072477445
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:+54tUIE58+sUHLz4111bAmwqkFvHOVJXBxC7RP9LX9Qom/6tTh:+utkVAdAm8uf0X6/StV
                                                                                                                                                                          MD5:0D802B12B61EB7530F3D7A4D422E8D58
                                                                                                                                                                          SHA1:9E1345A686E7418E769315A31526FE80062AFE23
                                                                                                                                                                          SHA-256:FC46CFEC7591898641E8BA53D247F6DAEBD01432AA65ABD9DD48B41BA9E3D9A7
                                                                                                                                                                          SHA-512:D448CDBCA3F4387370E08218BAB8670D22DB73E7D013743374053D8F903FCC9235B6DAE5E6C91CE1C71FE91CE35F9B2BEE0B6CDEDF8DAB2772D65AB5CB84D542
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..............",.. DL_BLOCKED: ".....",.. DL_SCANED: ".....",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: ".......................",.. SS_OFF_STATE: ".....",.. SS_OFF_MESSAGE: "...10 ..... 1 ........",.. SS_OFF_DIALOG_HEADER: ".............",.. SS_OFF_DIALOG_CONTENT: "..................",.. SS_SEARCH_OPTION: "...............",.. THREAT_OFF_STATE: "......",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "...........",.. AVFW_DIALOG_CONTENT: ". 2005 ...... 8 . 6 . 4 ...................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1510
                                                                                                                                                                          Entropy (8bit):5.7308486902000615
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTt2GGq0IQDhhlGGqg4o1GGGqUdVkrN0/Fq9eA0dmQAjaha:w3q0Fhl3qg71G3qUvkrNeq9f0dm7Ca
                                                                                                                                                                          MD5:952AC00977A6A75229831F51439FBED3
                                                                                                                                                                          SHA1:D0CD40469B603D1880B6C40D187D98620E3D9F3E
                                                                                                                                                                          SHA-256:9132DD6D4BA0C2911D90E7E3FBD6F2E09422CC861C3D85DDB0492E4E717002CD
                                                                                                                                                                          SHA-512:72B546181A83EAC8D29864456B19237FE9B0EECEA09AF63C7100B3463F157027F4BACA6F85FDF279625E3158508F7A1E97F45EB4FA88A37293B26A40FD2F8356
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skejte bezplatnou ochranu p.i proch.zen. internetu od spole.nosti McAfee kliknut.m na mo.nost {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Pomoc. mo.nosti {0} zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Pomoc. mo.nosti {0} budete d.le chr.n.ni online d.ky t.mto funkc.m vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechat zm.ny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Pomoc. mo.nosti {0} programu McAfee. WebAdvisor zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_PERMISSION_ADDED_CONT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1414
                                                                                                                                                                          Entropy (8bit):5.5444424224442725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTEz6tBWYCISc5ciWzCISNOFBWYCISrrVpz92w56WYaF4glU8:U4nCISc5cvCISNOFnCISrxRmWnF418
                                                                                                                                                                          MD5:7CCDD6A86B6C29F577C45DD7821028EE
                                                                                                                                                                          SHA1:EE43BAA8BC9579B3885DB7F256E5F3B3E6534FC3
                                                                                                                                                                          SHA-256:CF42402BCCA3F4B9D934C26076995CE51AF247CB737F5A1FFB624581F36752F4
                                                                                                                                                                          SHA-512:DBB7C3D54A8120B48E89A938FBC2B39A11B5CCDEAD2533BFF8E3AD0B1D7A8BC000DD73844B826115E22191C09778AE2A500BF8E21CA754E2C24FE76D9DA899F8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hent den gratis webbeskyttelse fra McAfee ved at klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for fortsat at v.re beskyttet online med disse ekstra sikkerhedsfunktioner fra McAfee.: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold .ndringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillad",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ak

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1494
                                                                                                                                                                          Entropy (8bit):5.514748469930225
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTjZ+CqIYh/aCCqIYVdQvTMzTIAc7HQmKnCqIY4DMEIWljVnARzSQd:zZ+lxVlxVebMzTEQmKnlx4DO+JnXQd
                                                                                                                                                                          MD5:222E72A8FD24B4BD56C3B83756348D44
                                                                                                                                                                          SHA1:D67E9B10B0B4D008B96615F8FB5AEF86300E414B
                                                                                                                                                                          SHA-256:ACC453C349AE57B5073CA8F30C6707EC99B52F21E81F11B941D8FEC9DB62ED15
                                                                                                                                                                          SHA-512:AC1EFD688C437214B245EF08583AEED49B117101BC293FC3FA01D33F80CC9CBDA534D6C27CA0E0F3F1B8224D25D8909721C2A03C8A896BB5CC3EB8FEFB63FA49
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Nutzen Sie den kostenlosen Web-Schutz von McAfee, indem Sie auf "{0}" klicken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Klicken Sie auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu nutzen: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Klicken Sie auf "{0}", um weiterhin mit den folgenden Funktionen des zus.tzlichen Schutzes online gesch.tzt zu bleiben: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".nderungen beibehalten",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Klicken Sie f.r McAfee. WebAdvisor auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu aktivieren: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2138
                                                                                                                                                                          Entropy (8bit):5.217917771128103
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTYCoYrWTMeJ3P/oYeITMeJ3Pq2dnzgWTMeJ3P+PPvKoYC0EDdX0y2wyilhXphz:TWRpEIRpq2dzgWRp+Pt0EDdZhB
                                                                                                                                                                          MD5:F480CAFB6E6AB3C73664518C7F6DCE08
                                                                                                                                                                          SHA1:BA22771FA3F1CA35A9E41CC9BECD0C1768FCC3A1
                                                                                                                                                                          SHA-256:CC51D88615DA148FBF5396B2A98B3195BC709536C9DA6812A9C330D4B326CE59
                                                                                                                                                                          SHA-512:EE17EE494FAEDB59D22F4D543BA1521637B460D39B82B2EE00452DACB56DA529694FC5747DE300155C5ACEFCC3462B04F628A5B6C4E87B4F198A8362FCF7DF93
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "......... ...... ......... ... .. McAfee ........ .... ... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} ... .. .............. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ... McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} ... .. ........... ........ online .. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1249
                                                                                                                                                                          Entropy (8bit):5.490467303745762
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTBv4lHkVKlHNEAkulHrRH/T5fLCOPmK:V4lHkVKlHNpkulHrRH/ht
                                                                                                                                                                          MD5:BB4BB22B690B376D8929C2CC25BF2B12
                                                                                                                                                                          SHA1:14E7C6B2EDCEF13331C60FA6DE88F42A431C9EB0
                                                                                                                                                                          SHA-256:5D4B6883689465D1D2535FEC8177B798DCC34743AFE22DB065C37FB43C5F1BBF
                                                                                                                                                                          SHA-512:196B700246267E0ABD861566232A698BD3F2B82CDB2EF4CA42EEA7F81B376A3B02983AC4841B489A125EBB9B0262ECEBA570601A30A39E824AA86B9821AEB645
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Get your free web protection from McAfee by clicking {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} to continue staying safe online with these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Keep changes",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Allow",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Enable extension",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "to finish setting up WebAdvisor.",.. CHROME_ENABLEMENT_GUIDE_C

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1447
                                                                                                                                                                          Entropy (8bit):5.489080845620684
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT81my6MaXBldRzVenBldR+MQOAz/HQ2BldRiud91QHIc0x81mHkysdN:M1m/MaRlXVeBlKMQOAz/HZleudEr0O1H
                                                                                                                                                                          MD5:F5976C18C8AB9C484A9FB7FA7B785EDE
                                                                                                                                                                          SHA1:318CF0881E841E3154F8A82CCC6E682E28B5C87D
                                                                                                                                                                          SHA-256:7B3A200EC1EBEFB6433B4E1F6CDFC53AA9E232379B2765714EC9DA7F3EC727E1
                                                                                                                                                                          SHA-512:CDDFDFB566446CD2DBB4B5BC457B4C42BD87B699A26ECC2A186BE0BEDC7830D123FB1023D42340FF7451F2F0B45246AF646D90BE5E592DC6E2E1B308862E0A04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Disfrute de la protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para seguir estando protegido en Internet con estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} WebAdvisor de McAfee. para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHR

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1434
                                                                                                                                                                          Entropy (8bit):5.478348436291751
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTBWmy6caQmDdJVe9mDdsMQOAzdmDdQ0a0yLh1mH3/:Em/caQs/Ve9s6MQOAzdsuPRLh1mH3/
                                                                                                                                                                          MD5:347D21A367591A956DDD60421EC6F9D1
                                                                                                                                                                          SHA1:E7DD98B8B423C4FF845F0791D850AB37F7147A05
                                                                                                                                                                          SHA-256:CC3318BF5006AFEB6462820BC4EF081908200C76E929F1DB7B066AD1437708A7
                                                                                                                                                                          SHA-512:73DCFAD2F11DD6097A0657BB4A455C09370A02CFB4524B33DE27018712AF6CC0056A067DE891EF4EB5201EFFCF1693A182D84C28AB7567E57DD4E635BC5027C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenga su protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para continuar seguro en l.nea con estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1371
                                                                                                                                                                          Entropy (8bit):5.523574079075182
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTigoQ6AHPXTSgVCPP3TOcJ9PgTKTSzogH07RQuzSZCsQJwzimvd:PZtXbVQ3qcJt3+zVUVXXN2mq
                                                                                                                                                                          MD5:2BD1EFE6A5E9A74308673F6A3E391584
                                                                                                                                                                          SHA1:D928B2C7863AB95F81A3BEE96EDA913E92FE3417
                                                                                                                                                                          SHA-256:E7119B544C60B9A506393749ADB8705591F95886282D0537875A954C3AD39F37
                                                                                                                                                                          SHA-512:BB9BC19573534ED30D489A33CE2718DF92568EE565A55BEA8A8E453AE40A6498A7A4AF8325FBDD51EBFB8E751B1C68D084B794192C82D59E124A2029C5551EFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hanki McAfeen verkkosuojaus maksutta napsauttamalla {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, jotta voit k.ytt.. n.it. lis.suojausominaisuuksia: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, jotta pysyt jatkossakin turvassa verkossa n.ill. lis.suojausominaisuuksilla: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "S.ilyt. muutokset",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, ett. McAfee. WebAdvisor ottaa n.m. lis.suojausominaisuudet k.ytt..n: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Salli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ota laajennus k.ytt..n",.. CHROME_ENABLEMENT_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1453
                                                                                                                                                                          Entropy (8bit):5.47242197014462
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTBU39MC7soZ8JyVt0oZ8JVuh6oZ8JTm6Tb41mgEyNlThDn+:S7BasV3aT6HahmKU1PXThD+
                                                                                                                                                                          MD5:9A6724E82BD656390E9B94EBDC18DA14
                                                                                                                                                                          SHA1:D3F5E2C9E392BF0BBCE501144AF230A748B20A1F
                                                                                                                                                                          SHA-256:CFD4418961A4257D0A082198CDD6E82B1ACB274B93C2BE17436B8EFBDE5CD759
                                                                                                                                                                          SHA-512:6C94DFE2ACA585C1DE0C2D365D6D660D55E0757CC9B6614E2E090EC2B40A49ABABCB60BBF5D59D70AB74A0504E098146627B42C682840BA01B8108EE9F79CD4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenez votre protection Web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .voluer en ligne en toute s.curit. gr.ce . ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Maintenir les changements",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Autoriser

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1510
                                                                                                                                                                          Entropy (8bit):5.50151203088086
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTCKMC7mZ8yHVt2ZGNZ8ysMQu0Z8yQjSFbV+bzFtWrkzkIRah:yq7ma0VwSa7MQu0apeFMpmcR0
                                                                                                                                                                          MD5:9B2A8AB4F1BAE9902B78E0F3F5D4E232
                                                                                                                                                                          SHA1:E7189231932D2D0ED26074EBADCA8A8FF08B9EBB
                                                                                                                                                                          SHA-256:ABF2D6A213F3B0C28AE5397727E1CAEA4A7C54FC63CEE72C89E8428458E04D88
                                                                                                                                                                          SHA-512:0E5ACF8F48C5FAB0FC39F6BA4B2FA4F419C22E10B190DC272EA32A1EBFCE5F509636A2C78DE31EE21CDC0A439C5C4AC402602774AC5D95EF5EE2ABC8270B00B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "B.n.ficiez de la protection web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .tre prot.g. en ligne avec ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conserver les modifications",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_PERMISSION_ADDED_CONTENT

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1402
                                                                                                                                                                          Entropy (8bit):5.615778989371223
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HThh5mCPPDSIuREwP3ycRCCPPDmetuqELFbiFCsr1:Rh5mCPPDSI6xP3ycRCCPPDm6pELFOFhR
                                                                                                                                                                          MD5:13B4643F485BA6D7CEA00A60F19494C2
                                                                                                                                                                          SHA1:809DA37950B3908776DFFEA07AA923885CB99E00
                                                                                                                                                                          SHA-256:6E6A185CF72F5553AC9F4671351967CB241E5289AEAD350D664859A961C4E0FD
                                                                                                                                                                          SHA-512:EFF88C2DEE3A0C7A74A7C458EBE1AFA67B8D133EFFF1FC2E4FCD396B723A3D720ED03F05DD08CCD8D9E6673410492F38B27583E19B72865A57A5BF3EE78A1112
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Dobijte svoju besplatnu web za.titu od McAfee-a klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste nastavili biti sigurni na mre.i s ovim dodatnim zna.ajkama za.tite: McAfee. Sigurna pretraga, Blokada oglasa i blokadu alata za pra.enje.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Spremi promjene",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Odobri",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.i pro.irenje",.. CHROME_E

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1518
                                                                                                                                                                          Entropy (8bit):5.680219099732828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTt3WD/Pwd03L7mtPsJePwd0kYGc8hQwde/WCpeT4zAsjWE+p71:5EP20bStUwP20kYGcIQ2e/JYeAsyE+Z1
                                                                                                                                                                          MD5:CDA34B94F6482896BE2433B1FE169230
                                                                                                                                                                          SHA1:013647E9561364278A9BC63702CD816D0581A9E0
                                                                                                                                                                          SHA-256:26089964398D8A35A393AA3E3558D6F640FBEC25D9B60C543D20AFF2BFCBA5BF
                                                                                                                                                                          SHA-512:8A47BE0BFE1E2BD7D845FFDC98495AEB29AD1FE81930C4741B87CB5988EB7A2FA2493A8EB0AD764139076E8B3778E8E70DEAAB07882C412B9F4ACED9CB9961EB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "A McAfee ingyenes webes v.delm.nek ig.nybe v.tel.hez kattintson a(z) {0} elemre.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "B.v.tm.ny enged.lyez.se",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s bekapcsol.s.hoz.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enged.lyezze a b.v.tm.nyt",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, hogy tov.bbra is biztons.gban legyen online a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s r.v.n.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".rizze meg a m.dos.t.sokat",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, hogy a McAfee. WebAdvisor bekapcsolja a hozz.adott v.delmi funkci.kat a McAfee. biztons.gos keres.st, a hirdet.sblokkol.st .s a k.vet.blokkol.st.",.. ADBLOCK_PERMISSION_ADDE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1405
                                                                                                                                                                          Entropy (8bit):5.465869446781161
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT1z0nFTVKnrpGpcJVKnrpGNG7FTVKnrpGrjQDej2lDuzgx:Fz0FTYrpGpcJYrpGNGBTYrpGrjQCj2lv
                                                                                                                                                                          MD5:66A94E7B4E31892F28A39C5C21EDFA29
                                                                                                                                                                          SHA1:A0AF983CCE61A29F051654B8B8BEA9F854BF505B
                                                                                                                                                                          SHA-256:4F1AD7E17605DB5AA697B12F20992B0680C281365C2A57DC38B653697D3B9A2F
                                                                                                                                                                          SHA-512:BF094A38258435E0CE112928DA1E8A1CDCFB0706576F29686AA4C5DD2189AA27DFB4665010D9707B576E1C73ED97E89DE978720CD5DFD74E993967FD0C1EEE88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ottieni la protezione Web gratuita McAfee facendo clic su {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} per attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} per restare protetto online con queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Mantieni i cambiamenti",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} a McAfee. WebAdvisor di attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Consenti",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Attiva

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1682
                                                                                                                                                                          Entropy (8bit):5.755218080478307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:x8H0vGRwMvNaRw8CvrbQRwA8vxvovyZWKzAFV3:a2UwuewDrWwA+pyqWKMFF
                                                                                                                                                                          MD5:BC463EE3DA1F25CE1DD7B76E9CA05E2C
                                                                                                                                                                          SHA1:A87F7C887D8FAB4191687AF39AEEA2297A2A1EB3
                                                                                                                                                                          SHA-256:A8A56277FFD79EB42ED1170652D84F193917412160FD8529836DA3265753AC77
                                                                                                                                                                          SHA-512:EEC3CB2B0EE92E05375638A728E1BB491AE97E1474AB6397441449D97CCAF81E33278C64D4CD7910AFC755205E2940F34652B60CA93F3C3D4888944869ED32A9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}................. Web ............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}.......... .... ..........................................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}.......... .... ..........................................................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".......",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "...... ..........{0}.......... ...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1350
                                                                                                                                                                          Entropy (8bit):6.006146131137553
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT5dVhbu+vNh0/p7OvmksBv01I+vqNhGjB+Xx2ZZBju0p:pXvkJOvmdBvAvq5B2ZZB60p
                                                                                                                                                                          MD5:06702AF578E6B22482A75FA51B843965
                                                                                                                                                                          SHA1:FA2AE0343264EF1DBF4B579E29192A08AD7CC2ED
                                                                                                                                                                          SHA-256:286BA24428AC4ECC198BA77B2A58943451CDC3BD1F205718C0C1EE52280FC244
                                                                                                                                                                          SHA-512:E3E002E02B9AE44F51753D2694CF95224C4DC7FFD3E030CFA8E3D6910B9B7CC0B94E8BD393816521ABD3A4090F0E5BAD38243E5BCA7E31FC37365D9B1A7C6EFA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}. .... McAfee. .. . ... .....",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}. .. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}. .. .. .. .. .... ... ... ... ..... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".. .. ..",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "McAfee. ....... {0}.. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: ".. ..",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1389
                                                                                                                                                                          Entropy (8bit):5.562698623437252
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT7bqCaYyGIG3aYEgdXCCaYIRSPuA9/3QFYKDOVh:rWCaPQ3a3gdXCCa1oPuAN3Kbq
                                                                                                                                                                          MD5:17CFA17F85DF05A9623708D6159DAE42
                                                                                                                                                                          SHA1:88128E5BF8DF4830B1EA3EB6175279A7488EDD38
                                                                                                                                                                          SHA-256:73C4F22C1EC7440DA09B3370F01264A28FB660EA99488D9937147DAD229714B2
                                                                                                                                                                          SHA-512:30D18EF68DFA53348B0490ED053356199B28FE511DC44023961055110EF9F0606DD2B26AA53CC09C6A88C6E5DA05DEC03BB297B3CB3235172614F45148350354
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfri webbeskyttelse fra McAfee ved . klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for . f. uavbrutt nettsikkerhet med disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold endringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillat",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktiver utvidelse",.. CHROME_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1362
                                                                                                                                                                          Entropy (8bit):5.488513290813395
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT+2CwmVpm7KECQc6WpV6LqKECh6zhpTnKECZ6BMcpS3KfwDwzxFU5qu:ulHXQc6CVsph6znTCZ6BMIS3KQAxFU5V
                                                                                                                                                                          MD5:4FEC3D3013AE3960661692481D4EDB83
                                                                                                                                                                          SHA1:EB94F6848879D5C40B34C4CDCE9C075051FB820A
                                                                                                                                                                          SHA-256:F4E6730E587783080569765A77A785382751900C2ED5B6272D020DAEF43B85F6
                                                                                                                                                                          SHA-512:A6154C22506833208B9DEE8839362E6A0DFBBC14023E7E9686E6FF33531F5EB16525B1CD6B4F4D739EDA3B58F66126AB313376023C1C6779D5164D2CE20D17E0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Activeer uw webbescherming van McAfee door op {0} te klikken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} om deze functies voor Extra bescherming te activeren: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} om online veiligheid te handhaven met deze functies voor Extra bescherming: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Wijzigingen behouden",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} dat McAfee. WebAdvisor deze functies voor Extra bescherming inschakelt: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Toestaan",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Extensie inschakelen",.. CHROME_ENAB

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1445
                                                                                                                                                                          Entropy (8bit):5.692269550840036
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HThG9K7qoBXUUyTNHyAoBXs0W17ZGoBXQLVTEaWjNwc4u2Hs:xG99IXnkHyAIXs0W17ZGIXQLVoaKNwcf
                                                                                                                                                                          MD5:43192C8FC49E340A87336605440CE8B8
                                                                                                                                                                          SHA1:3FFEE3CD20B1AD2FD89069B1A78E307F3D039275
                                                                                                                                                                          SHA-256:81EE335AA99A98334D55E38836706FC2ED29716BF8A346F4C176D4007FAC49A0
                                                                                                                                                                          SHA-512:6983C41D20C456227AD37107720B4BE3655C605DFFDD8EE4AC66B6D8DBA1E1769A4B5B952B3DECE12F256EC03D86EA672CBF793A1AA85F95F4E93A0954F20A8F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Otrzymaj bezp.atn. ochron. w sieci Web od firmy McAfee, klikaj.c {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, aby w..czy. funkcje Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, aby zachowa. bezpiecze.stwo w Internecie dzi.ki tym funkcjom Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zachowaj zmiany",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} programowi McAfee. WebAdvisor na w..czenie funkcji Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Zezw.l",.. CHROME_ENABLEMEN

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1387
                                                                                                                                                                          Entropy (8bit):5.506991556456199
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTBsKJqk3NnebNgHbrxkHjFRt7Siu47VfMnOA/+O:yaqk3NnebNg7rxCFq4ynOAWO
                                                                                                                                                                          MD5:FBE39EC0DBFE2816B42BB68887D3B030
                                                                                                                                                                          SHA1:B82CF4E6B4A5C3E74CB1E2DECCB94DDE56330142
                                                                                                                                                                          SHA-256:910C7854052E7CB18154EC9FD2DC1C743291D8917034F27006F6CE1681FBA084
                                                                                                                                                                          SHA-512:95D68E16B68CDBA3266DE12ECA52C44AE174F7A1DFDAA9FEACDD274A518F801ED8F648471EB04A49E56BCEB6E95E19EC0173366F77533DFB9B8BB842B686441B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha sua prote..o gratuita na Web da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter seguro com estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} o McAfee. WebAdvisor para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ativar extens.o"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1439
                                                                                                                                                                          Entropy (8bit):5.517413148992093
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTBV0k3gQWF3+be0GQWF3+hgoQQWF3+vxkHjJYPJW11wgQdg:D0k3gQWObe0GQWOhgvQWOvxCJuW8gQdg
                                                                                                                                                                          MD5:4AF297B7BE41DFA4EB86EF803461EB18
                                                                                                                                                                          SHA1:9AC16E6A1D01A324010204054F678641EFC3FC92
                                                                                                                                                                          SHA-256:9ED643E393BC88F631B0F68A640F71E077305F1577A11290FB26E2E95706DD79
                                                                                                                                                                          SHA-512:5ECA544EE9D6A1A43E8A33FCD9A8AC1916120ECD209FA23DB8A9F421D6368A1F26EA6E5E7A7C60603CEFA7342F6131A8CCA55B7014C261058870ACA5CCA16C80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha a sua prote..o Web gratuita da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter protegido online com estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} que o McAfee. WebAdvisor ative estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. C

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2030
                                                                                                                                                                          Entropy (8bit):5.254060167581995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cjVIb3DoC64sVmb3D1tazjVIb3DzImiLvyxvMwSO:QVi3Z2VM3enVi3v2vyfR
                                                                                                                                                                          MD5:09128BA6C4A2812132FD41727A02E40B
                                                                                                                                                                          SHA1:B3F8731DA4FDC9CE05D3B7CC07F4440173EDDCCC
                                                                                                                                                                          SHA-256:C44010F0FD357E46AD0D250CD55E5735B23FBDE8D2A086C4719DE926C6C09FEF
                                                                                                                                                                          SHA-512:4FEAA71EB155A97200B1A10379230E114E9D598DD2FB38FCDFC994356FEDCC761A4A6DC2A32C7FF003FA22F3BA171A24CB052A8241785D56849983D8A7B90B8C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "........ .......... ...-...... .. McAfee, ..... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, ..... ............ ......... ....... .............. ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, ..... .......... . ............ . ......... ......... ............. ......... .............. ....... ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_SEARCH_W

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1420
                                                                                                                                                                          Entropy (8bit):5.798786258877509
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT/iSRyjWeDvEPpRK2NF1I5DyjePD+hCf3c4kc+QF9IAAPE:P3YSeYpccF1Ic6Chm3j+o9Ivc
                                                                                                                                                                          MD5:FACAA2C2A3350F1443A87605DA328AF0
                                                                                                                                                                          SHA1:A6CD0F183589885006C239D045A4C89058615A2F
                                                                                                                                                                          SHA-256:6B4E3ED3367672335686B40AD3949C38D1A3E8897EBFB2D1B78EEFD705D387F2
                                                                                                                                                                          SHA-512:E50B018B9116249D39ABFB9D9FD51BAF15A6314796B9A5E8018FB684AA1E393A2E06E02FBD52474DEE9BA29703A5379EABFD796A7320E6994F50D70881B7D5C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skajte bezplatn. webov. ochranu od McAfee a.kliknite na mo.nos. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapn.. roz..renie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a.aktivujte funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapnite roz..renie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} a.nestra.te ochranu online v.aka funkci.m zv..enej ochrany: zabezpe.en.mu vyh.ad.vaniu McAfee., blokovaniu rekl.m a.blokovaniu sledova.ov.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechajte zmeny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor a.zapnite funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Povo.te",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Zapnite r

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1338
                                                                                                                                                                          Entropy (8bit):5.6423626000899
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT4eGvvtCawa+dCIHrFwa+Npp1mCawa+rUoDOGnDkpJcdqQ2y:IeCvtCawa+dCIBwa+NVmCawa+rUoDOGB
                                                                                                                                                                          MD5:ECF03F3BD3F117CCA572E4115F895708
                                                                                                                                                                          SHA1:91DCE729E254520F77FCA79CB3E70754562E9152
                                                                                                                                                                          SHA-256:DDD74FF9C6E80A9F283D248325D47316EA5ED2E5E00B641F35E08B0DABCE7C27
                                                                                                                                                                          SHA-512:95A4631E5DEE63D056621C40AC2CC304317187D94DE05FEC741ABABC3FFA8ADD2A3C3EA2318B7132464C45C3E2298195AE4BCC45733CD9A098129335613C327D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ostvarite besplatnu veb za.titu kompanije McAfee klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste ostali sigurni na mre.i uz ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zadr.ite promene na",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Dozvoli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.ite ekstenziju",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "da zavr.it

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1361
                                                                                                                                                                          Entropy (8bit):5.638807761088261
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT7ecjfypbD4qpbD02gVpbDYX/P33zMc2LUF:rDOpbD4qpbD0JVpbDYX/P33zd2LUF
                                                                                                                                                                          MD5:A7C892B18D262BC145A2DE0971AD1830
                                                                                                                                                                          SHA1:E8A072A5D33735F35656D9D6DF28A5EADAE2A0A9
                                                                                                                                                                          SHA-256:CC46652252D575B63859ED5BCFE4AC1F9D4639B0021DC86805500856B45D5733
                                                                                                                                                                          SHA-512:BC0982D7B38CCAF90F779594DEE9ACF43CAF05498FEDB9737CCA7E0D47D3DAFC4EE27B90592FB577E71E585073E5A45A4A379D46209105E5015A3482B45AFAF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfritt webbskydd fr.n McAfee genom att klicka p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} f.r att forts.tta h.lla dig s.ker online med Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Beh.ll .ndringar",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Till.t",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktivera till.gg",.. CHROME_ENABLEMENT_GUIDE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1404
                                                                                                                                                                          Entropy (8bit):5.668672857602126
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HT3Nd7QUN3Z/UVXMJgYZ/v94oIuZ/Nc7I4dBng5cFEicvX6j:tBQUNGVcDxBc7HTFR
                                                                                                                                                                          MD5:3285945713F8099A491E5910E9F5CDD8
                                                                                                                                                                          SHA1:18C8E215A29E6151DE39DE2F98F352815053B1CA
                                                                                                                                                                          SHA-256:C0544A7D705ED5D777D72383D72DE8756C1F1B022CD01AC66FA1DCCAC34A75CE
                                                                                                                                                                          SHA-512:37B7EF1009098EF11A0B90CFC05E5361162E8515F947D87999D663AF750C420A62BC8B9377C2B37A81A1D61964C47693BC1DA5ABE0D67D13E567F0DDDADEB1D9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0} .zerine t.klayarak McAfee'den .cretsiz web korumas. edinebilirsiniz.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Bu Ek Koruma .zellikleri ile .evrimi.i g.vende kalmak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "De.i.iklikleri kaydet",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in McAfee. WebAdvisor'. {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: ".zin Ver",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "WebAdvisor kurulumun

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1303
                                                                                                                                                                          Entropy (8bit):6.289340282266
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTjjZ8CKz+1CaxNs/CthZvG7qXdW4mUs/nbSCH:pQzaxmahZv9rm3bSY
                                                                                                                                                                          MD5:80C4177F291119F669C2157B39E4758D
                                                                                                                                                                          SHA1:23613E210FDE5BE4FDB87F0B2D67806056D072B7
                                                                                                                                                                          SHA-256:3D8B6BB483F86B553CA719D38A8DB7187CBDB02D5F593A4128EEE6B4D0F3FC36
                                                                                                                                                                          SHA-512:73166AEEF02ED6EE0317EC0746063CF05581C377DA46548F2B6A5BB9013D3F2EF8CDFB7CF7DB07293A44F8F347E2954C882BA89E161D9A2B3D1B42E12587105B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} .............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} .................. .....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} .................. ..............................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} .... ...................... .....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1249
                                                                                                                                                                          Entropy (8bit):6.299966282396261
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HTAOzmcPZeSlGkyTDnZZeSlGCGtDcPZeSlGW17/10lQZ0S04CdugElO:dzmkCkyTDn/CCGtDkCW1aZKU
                                                                                                                                                                          MD5:F8B54967B08380ED852C72726B751D6E
                                                                                                                                                                          SHA1:D5161619125D555189F557F7F94433F4F6CCBE09
                                                                                                                                                                          SHA-256:8E0EAC94E355504F9BE57467FE91ED19F76113F49C602BBE3F8AEF7228EAD877
                                                                                                                                                                          SHA-512:91066ED2105321CA85EE03F7ADB5938D896746B48F90B0E40662FC3705F895AED12192B4C71F4385C86E60C8DB3810FF89C18F3A680AF28D02D053C0955BF6A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} ..... McAfee Web ...",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}............McAfee. ....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}....................McAfee. ....................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor ...........McAfee. ....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "... WebAdvisor ...",.. CHROME_ENABLEMENT_G

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1048
                                                                                                                                                                          Entropy (8bit):5.760018493827392
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGY406vV41eK+59CpMSqKBgvtdUeniGdZIVOEF3CR:24e+59YMdZZENs
                                                                                                                                                                          MD5:E505B63A2F328822A3457CE03843F8DD
                                                                                                                                                                          SHA1:A2E82758DBFEF138D8B536A71088AF52671A2C49
                                                                                                                                                                          SHA-256:2A0E957EC208B9CE5E39E0EFAFF9880D45D2C8C64FFEE40295D1156287CE7DC0
                                                                                                                                                                          SHA-512:D2F9049AB97F03359B9A276FEC7BEDDA3B3ECA66B4F2C8C26675BAAC66629FE65076CEFBDB9B73F118FDF360F637DC8EE185033F7148BA1DB94EAC62BFB40EBE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Zajist.te si ochranu v digit.ln.m prost.ed.",.. WAIFF_TOAST_DESC_1_COHORT_1: ".kolem n.stroje McAfee. WebAdvisor je chr.nit va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_1: "A. ji. nakupujete, vyu..v.te bankovn. slu.by nebo proch.z.te web, na.e bezplatn. n.stroje v.s pom.haj. chr.nit . a kyberzlo.inci nebudou m.t .anci.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, kter. chr.n. va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Povolte n.stroj WebAdvisor a zajist.te si ochranu p.ed viry, malwarem a dal..mi hrozbami pro va.e online zabezpe.en..",.. WAIFF_BUTTON_ACCEPT: "Zajistit ochranu",.. WAIFF_BUTTON_REMIND_LATER: "P.ipomenout pozd.ji",.. WAIFF_BUTTON_DECLINE: "Ne, d.kuji"..}..//2D7CC7931A39F234558A33CAD3765970C45ECEEBFC60F421404D6FD52805E367D7FEF22B9BD2546776

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):986
                                                                                                                                                                          Entropy (8bit):5.435709474604912
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG92vXRwV/YIehPFXc9vLfcRwV/YIeSP/GIi7dZMVIxvvBe9WuZ:nVYC9rVYttZdBAWuZ
                                                                                                                                                                          MD5:8DD44453A825D8504CD91FEF29030128
                                                                                                                                                                          SHA1:16CEF0BFC6428B38C5488A03401C632DEE21E585
                                                                                                                                                                          SHA-256:10DB66E4B9B2F8D3DE626F7BB96C01195FC1E687376000882367434350690628
                                                                                                                                                                          SHA-512:0C93254EDBD114167FF665DEC67725CCC1E620997A3B6F8E6BA97EE38EAF72C6EA3901E7FDB0ADCFC5CD68A6E9FFA0C6B5D80A6E4801B834B89F8C921C73ED47
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskyt dit digitale liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Uanset om du bruger internettet til at shoppe, g. i banken eller bare surfe, holder vores gratis v.rkt.jer dig i sikkerhed og beskytter dig mod cyberkriminelle.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et gratis v.rkt.j, der beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiv.r WebAdvisor for at beskytte dig selv mod virus, malware og andre onlinetrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "Sp.rg mig igen senere",.. WAIFF_BUTTON_DECLINE: "Nej tak"..}..//1532520A68DAC3FF2BEAFC834A0932CA2D053A2667AA7FC3F3FD2FD43200A638DFACB3FB2FBD41D63D9452CA737886EE9F1A89E9CCF76158CB1CC2393F59AF1D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                          Entropy (8bit):5.441717163928068
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG+QvxOeGg/OA9kNlv1VOe3F0Sui7xQd/y/QVZNfmKn8vWwn:QWX9GftF0SJxMa/uNOKnRwn
                                                                                                                                                                          MD5:B8AB88AD26362724B3AA05E44B1D8AA7
                                                                                                                                                                          SHA1:31F8AFFB3DD03BF3B71A1C0FDFE19F5B0C53DD25
                                                                                                                                                                          SHA-256:3BB32AFCBE6FA6DFE6C3043FDB7494B4F5431CAE2B22BD4916950310CE553098
                                                                                                                                                                          SHA-512:EA3382B0E4634061FF6542B81F6394EDDCB0593157B7E67806FED5552474616652F9A53644A947A2592603C84D77A769E06075AC2F9B953EBFE25F2ADCA03E40
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Sch.tzen Sie Ihr digitales Leben",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ob Sie nun im Internet einkaufen, Bankgesch.fte t.tigen oder surfen: Unsere kostenlosen Tools helfen Ihnen, sicher zu bleiben, damit Cyberkriminelle keine Chance haben.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Das kostenlose Tool McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivieren Sie WebAdvisor, um sich vor Viren, Malware und anderen Bedrohungen Ihrer Online-Sicherheit zu sch.tzen.",.. WAIFF_BUTTON_ACCEPT: "Schutz einrichten",.. WAIFF_BUTTON_REMIND_LATER: "Sp.ter erinnern",.. WAIFF_BUTTON_DECLINE: "Nein danke"..}..//9073A30F9664CF09836F767851BB037E22FDA60D15A5634B8E39A2A3D0A6E6AD959A0A27A26F31E6697A26BA09FD6F70BD14A721

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1606
                                                                                                                                                                          Entropy (8bit):5.12079517663386
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGwvlT6DePnEHleEnM+na8cEseDrXHrRvu1QGRXePoEHlesD3ir3rwqDijGduaX:4HEHXnjKEXDrXrgKeEHXbirDduDAnyXW
                                                                                                                                                                          MD5:DFA837AC4D05F6CE45A354E6D5CFA8B7
                                                                                                                                                                          SHA1:D5CE22779221CEF597991AE73B082BCD5E74A995
                                                                                                                                                                          SHA-256:64F170EFCDD20FDC04B172A6F1B13C0700CDDB9862D5064CEABEB9732008273F
                                                                                                                                                                          SHA-512:D7FAA1DC24D8D63EE1EBCD52773F623CF6E0E7FD41E4435E73E77EDBF5A0F43887466B23FDDCE02B4073EBA3C151668F53EAD526A161C97BC74EED2DE4B92735
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "......... ... ........ .... ...",.. WAIFF_TOAST_DESC_1_COHORT_1: ".. McAfee. WebAdvisor .... ..... .. ... ......... .... .......... ........... ... .. ...... .. ..... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".... ............... ......, .......... .......... . ........... ... web, .. ...... ........ ... ....... .. ... ......... .. ........... ........ ... .. .......-........... ... .. ..... ..... ........ .. ... ...........",.. WAIFF_TOAST_DESC_1_COHORT_2: ".. McAfee. WebAdvisor ..... ... ...... ........ ... ........... ... .......... ........... ... ... .. .. ...... .. ..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):915
                                                                                                                                                                          Entropy (8bit):5.48084822062607
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG/4Iv74Ge+uVfWMhCHJHvU0hGecZrD5i9dwdS/VF2Wp:l4guUMgHJM06ZSdsSr1p
                                                                                                                                                                          MD5:D7C523A4330183ECDFB3ED016E957B67
                                                                                                                                                                          SHA1:25602D1FCAC86AF4145D6ECE96C92783B5C6FC7A
                                                                                                                                                                          SHA-256:F02BC806DF57949524FC7D48397812447814F69C0594E3F7E6A17D94F030C83B
                                                                                                                                                                          SHA-512:E2A795A4613E5AC3273DDCAEB36C900CAE514694E9849D361484EDEE6B2D3FBA8066E068F5FE6165F6C169092784CEAD23671D2767F5FA1A4E4C3422A8C0A21A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protect your digital life",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor works to safeguard your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Whether you shop, bank, or browse the web, our free tools can help keep you safe -- and cyber criminals won't stand a chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is a free tool that safeguards your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enable WebAdvisor to protect yourself against viruses, malware, and other threats to your online security.",.. WAIFF_BUTTON_ACCEPT: "Get protected",.. WAIFF_BUTTON_REMIND_LATER: "Remind me later",.. WAIFF_BUTTON_DECLINE: "No, thanks"..}..//1EFBD8890FBB6202F25E76BFB37BED3655C526CA13A6C39F091FF77FCDE1E74DE3D6E0E418634F157714134E83372490132403F9CAFE4ADDD0BAD0869BB246A7++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):965
                                                                                                                                                                          Entropy (8bit):5.430144610649704
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGKvMwKimzpe4sTtkAFvZxR/mzpeWLdvRYjiOdSXkHVovcZQn/:V/RcKkxspJYbSXkCvT/
                                                                                                                                                                          MD5:3C86994A03EFD552740F47DFF61F2632
                                                                                                                                                                          SHA1:84C2DF7247E0D593AA125FB1BE6ACB5B2ACC7255
                                                                                                                                                                          SHA-256:77027DF4446456D0CAC8ECF2DC179A9B52C87D8879B04845C5BF4BD25EB7314C
                                                                                                                                                                          SHA-512:323B8CA7FF2F276313186115952B958FF46C4D4F0099E3C81D53477595DFC4798BE577FE60D00026B889C7CE6315AEF98AB640D0B4A7226AA3B438B007013CAA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja su vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor est. pensado para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nuestras herramientas gratuitas pueden protegerle al navegar, realizar compras y gestiones bancarias. Los ciberdelincuentes dejar.n de ser un peligro.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita pensada para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para mantenerse a salvo de virus, malware y otras amenazas para su seguridad en Internet.",.. WAIFF_BUTTON_ACCEPT: "Protegerme",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//5CADD3F77C0E66E7E9C653CCDB6068983600027CDC981F2BF04A7CCED5F75255DAC5D9EDCFA397981228886DE827C6389075ABD3EDB8965F01DCAB9895E54148++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):938
                                                                                                                                                                          Entropy (8bit):5.466446767836645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGSvyUpep4n0OlvZxxzpeWLZV2iadSXkHVhZdUR1OMUn:R4nHxP9KSXkLj61ZU
                                                                                                                                                                          MD5:E581CCEAC4CBDE3C8B591F5D9BA9CB61
                                                                                                                                                                          SHA1:C4CE35FAFB92B301340F90BB72C30D1329DEC944
                                                                                                                                                                          SHA-256:E72C1ADD92CFFF72470A7C7A5C93927E1A62AEB71179D1C75D10B6F773BB51E9
                                                                                                                                                                          SHA-512:D9E539813884E88EAD2918516E0DB348EB7F842C1BAAB963DE51C7AADC0583AA04F68FAA071F8FBF06700534EB382CDD0C1ECA9B0132AA76EBDF8E0A5EDE2AF4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protege tu vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabaja para evitar que su informaci.n caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Sea que compre, haga operaciones bancarias o explore la web, nuestras herramientas gratuitas ayudan a mantenerlo seguro, y a derrotar a los cibercriminales.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita para evitar que tu informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para protegerse contra virus, malware y otras amenazas a su seguridad en l.nea.",.. WAIFF_BUTTON_ACCEPT: "Prot.jase",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//986CBE9BB839AD7FD0E82EC24863593924C4EE5FA0089D72CAFC5214B0C0143744585021A2195EF66F2D533D7E457C70505EAAC87A7947EA44848B60C4F68D78++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):992
                                                                                                                                                                          Entropy (8bit):5.529748026711536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGrvpj8feM9FkTJ/XvQEbJjZjeX3EliRDd8tmQVatYBN:3qF4Z59lQEmdpYP
                                                                                                                                                                          MD5:B11BD16225904F9E4333E265D8C85A3E
                                                                                                                                                                          SHA1:EB68585E42DC33FCCDBCB0D8C79A25A1ED675AB5
                                                                                                                                                                          SHA-256:E3CCEC953211A2967B5F3C47259FC7F3CE647E1D5E28A385B843A4E3EF867BBB
                                                                                                                                                                          SHA-512:233C7BE4DDAFD2817022B52ED313FF911BAF8378A7197D0DAA82CBB53E60762F0EB46295902E46C3D232105B7F371AB2BA71CEEE65E8FA2791B4520F52C6FB3D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Suojaa digitaalinen el.m.si",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor pyrkii est.m..n henkil.kohtaisten tietojesi joutumisen v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Miten tahansa viet.tkin aikaa verkossa . ostoksia tehden, pankkiasioita hoitaen tai sivustoja selaillen . pysyt turvassa maksuttomien ty.kalujemme avulla. Kyberrikollisilla ei ole mit..n saumaa.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor -ilmaisty.kalu est.. henkil.kohtaisia tietojasi joutumasta v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ota WebAdvisor k.ytt..n suojautuaksesi viruksilta, haittaohjelmilta ja muila tietoturvauhilta.",.. WAIFF_BUTTON_ACCEPT: "Hanki suojaus",.. WAIFF_BUTTON_REMIND_LATER: "Muistuta my.hemmin",.. WAIFF_BUTTON_DECLINE: "Ei kiitos"..}..//011BB8325FD03891334C8279A0470C6FE648B32EDA959849E0B181B27B45DF5922C170AF6702EC0A93C784541171E4C1BACED490D804C949C7F19324AA2F2E0A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1082
                                                                                                                                                                          Entropy (8bit):5.443278347494329
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGNwvlMmlPcePzFzW0AvZrONq2lPce+XRKjwihGyAdCVqRoj:SMmlxpq0YrR2lkRKRUoj
                                                                                                                                                                          MD5:9588E1A8FD12FDCE77EA9AC50535E92E
                                                                                                                                                                          SHA1:563F0C9C4AD63303F1027538E18318F4CE3B925A
                                                                                                                                                                          SHA-256:D10B9731734772743B91181FC3D17D7F2A48738542292403068E524B1F52BC8B
                                                                                                                                                                          SHA-512:00EB21616DAD4450A1BBB24CD7C04A40C06EE29BE78962C7306AB63D54CD8B1BC2A8309AFD45F8EE46911B930AA9193ED907590789D1A96417E7D35729AEF4C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre univers num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor oeuvre . s.curiser vos donn.es personnelles et les emp.cher de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Quand vous magasinez, effectuez des op.rations bancaires ou parcourez le web, nos outils gratuits contribuent . votre s.curit. -- et les cybercriminels n'ont aucune chance contre vous.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui s.curise vos donn.es personnelles et les emp.che de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, les logiciels malveillants et d'autres menaces pesant sur votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: ".tre prot.g.",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler plus tard",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//0CEC8C4DAF3307B881207E579211632EA67F6D72001BE860

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1128
                                                                                                                                                                          Entropy (8bit):5.397343027672221
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGmowvBtNhlFsceiA/6FVFzupllnF4vZrJ5NhlFsce+XvJ+wiZQdqVqDFGkp5W:eNhllA/6FVFOlOrJ5NhlNUMxFGkpQ
                                                                                                                                                                          MD5:225BC263E2FF4DF711EBD4B608BC17C0
                                                                                                                                                                          SHA1:2FB1AD94092F412A17B93268B51904BA47E2EA2C
                                                                                                                                                                          SHA-256:3DF8B95C3CB6739F3A3B7587C9D221BFFD14F6F7890390A1079FC091FC63FBA8
                                                                                                                                                                          SHA-512:590ACE282A74FEBD09613D8AE57DA9E459E10DB6DBAE52DB64B4D913A549472159F93EB112F801D53A5001D0C1BFB28D5EE07B6EFF2FFBA96DAF3A714D0451C9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre vie num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor s'efforce de prot.ger vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Que vous fassiez des achats en ligne, effectuiez des op.rations bancaires ou naviguiez sur le Web, nos outils gratuits vous aident . rester en s.curit..: les cybercriminels n'auront aucune chance d'arriver . leurs fins.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui prot.ge vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, logiciels malveillants et autres menaces pour votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: "Obtenir une protection",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler ult.rieurement",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//C0

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):970
                                                                                                                                                                          Entropy (8bit):5.5335623778383525
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGjvA5v/6FewAv/dHvav/6Fe0QhJ4Mmi6dwVmGbxFdFvO:S5vyAvlSvSG2M0hO9vO
                                                                                                                                                                          MD5:E589CCA4574BE9C31479BB5F884426F5
                                                                                                                                                                          SHA1:694479FCD6530106F7AB9165250FFB53EE8A847D
                                                                                                                                                                          SHA-256:EF54BAC483A824E52C05090A5310164A99475ADCA91FA88E9D598F7A66BFFBE0
                                                                                                                                                                          SHA-512:C2DD95276DE0E90E260B7AE0EC9FEA5C3ECAFDB96D8E00DAF7858C62F7517DF81D7EAA3ABFBB9F60335D18DE2FD69C998ABE6C24B8AAFD65056D977480EC5394
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor djeluje kako bi za.titio va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, bankarite ili pregledavate web, na.i besplatni alati mogu vam osigurati sigurnost - a cyber kriminalci ne.e imate .ansu.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatni online alat koji .titi va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite WebAdvisor kako bi se za.titili od virusa, zlonamjernog softvera i drugih prijetnji va.oj internetskoj sigurnosti.",.. WAIFF_BUTTON_ACCEPT: "Za.titite se",.. WAIFF_BUTTON_REMIND_LATER: "Podsjeti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//B7D9D738B85EFDD8629EBABF36A768FADF1CC54EA171C1EBECBDA4FAEB03A547E1C1A4359FDC52074496C5BD99C3F78A7F74ED451BD698363059BE0794076EDB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1111
                                                                                                                                                                          Entropy (8bit):5.601373452697428
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG7bmvSr5Mycde/FsuaVvQG2Qe5MycdefYasTyrikPId7r6QVbTzV3ms:RTUju5UJ3TyVE7NzV2s
                                                                                                                                                                          MD5:C334EA1C53721513A8175D592F74282F
                                                                                                                                                                          SHA1:496D139F91706805D93C7B3CFCAF66AEFFCDCD98
                                                                                                                                                                          SHA-256:806CE13BB964B56733855FDFBDD6B7D750B2678A59132609399CE2348F15562C
                                                                                                                                                                          SHA-512:7B16FB9FDC4B9BEA6B702403FC9137D5514131C4A6CCE0AE0AE12D3E7A86A431777F1BD820A075BD96E06402FCDEE01F6169BA53CDFE3367CE3B9CCAB3FE93F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Gondoskodjon digit.lis .let.nek v.delm.r.l",.. WAIFF_TOAST_DESC_1_COHORT_1: "A McAfee. WebAdvisor megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ak.r v.s.rol, banki .gyeit int.zi vagy b.ng.szik online, ingyenes eszk.zeink gondoskodnak v.delm.r.l, hogy az internetes b.n.z.knek es.ly.k sem legyen.",.. WAIFF_TOAST_DESC_1_COHORT_2: "A McAfee. WebAdvisor egy ingyenes eszk.z, amely megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enged.lyezze a WebAdvisor funkci.t, hogy biztons.gban legyen a v.rusokkal, a k.rtev. programokkal .s az egy.b vesz.lyforr.sokkal szemben, amelyek online leselkednek .nre.",.. WAIFF_BUTTON_ACCEPT: "Gondoskodjon a v.delemr.l",.. WAIFF_BUTTON_REMIND_LATER: "Eml.keztessen k.s.bb",.. WAIFF_BUTTON_DECLINE: "K.sz.n.m, nem"..}..//F8C3CE8799AF89B1814

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                          Entropy (8bit):5.359773111268553
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGKk2vkvtdeLny8MK9GEreLYvl6lvtdeVHD/ikdCeitVt6lVH:tBQxMK7eLjYCelH
                                                                                                                                                                          MD5:404D11F879ED6E62D18F660F4F1011C8
                                                                                                                                                                          SHA1:C6E242DA3C3065DFE036D13672AB621C9E0A3FB3
                                                                                                                                                                          SHA-256:C2B18461D35D0C0C0A1BB900EC807E301446400E4B8B5BA59C49A5E28CC15626
                                                                                                                                                                          SHA-512:5690CEC6EBC4D81279BDD0DA79AA1E6685E357C850A7C3E612065DFFAAAAEA197D77BE5431D463DC5B47824A32C02977BDFF735BF139225463260C3710F59808
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteggi la tua vita digitale",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_1: "I nostri strumenti gratuiti ti aiutano a restare protetto e tenere alla larga i criminali informatici quando fai acquisti, esegui transazioni bancarie e navighi in Internet.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uno strumento gratuito che impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Attiva WebAdvisor per proteggerti da virus, malware e altre minacce alla tua sicurezza online.",.. WAIFF_BUTTON_ACCEPT: "Proteggiti",.. WAIFF_BUTTON_REMIND_LATER: "Visualizza in seguito",.. WAIFF_BUTTON_DECLINE: "No, grazie"..}..//EAC9F80E8618CDBC45FC85134AE6F861DE735D32C594F841A6913BC2359239D28AE4C338C666E7F3FCA841B52B3DD9AA4556DC92DCEA42213C1F6218023D5030++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1220
                                                                                                                                                                          Entropy (8bit):5.7286091836828925
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG7QvTYRFqOqeEnckuxTvlRFqOlesuhxkOQihdPvIVb7ShxE/L8:ZQYRFqkZrRFqcuzBvPv3TSw
                                                                                                                                                                          MD5:9A461AD6044F77B3FB4376D329C5BDC3
                                                                                                                                                                          SHA1:856F5181B0DD3E37D75BA56508BCF4E6B94BB72D
                                                                                                                                                                          SHA-256:CEF79F28B5A658337EF6781F138900A7780DE9611060F9F7FC9BD67C165C83D4
                                                                                                                                                                          SHA-512:A02983E2C3CD19F0D9F016F620322EE54FE7948982F47F9449309872B68F8EFAC6538D93EA6CE7848507AFA645C0F8DC8F61A48C7E230EDDADAD263A77974DCB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: ".... ...........",.. WAIFF_TOAST_DESC_1_COHORT_1: "...... ......................................",.. WAIFF_TOAST_DESC_2_COHORT_1: "..... ............ ................................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "...... ............................................",.. WAIFF_TOAST_DESC_2_COHORT_2: "..........................................................",.. WAIFF_BUTTON_ACCEPT: ".....",.. WAIFF_BU

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):986
                                                                                                                                                                          Entropy (8bit):6.006191144297644
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGqSv513heSk6BcSVpFrhjvG13DaJe/MhCowW/irdijVAJv4PCi/xd:0cdFvrhqD0QRPii43/xd
                                                                                                                                                                          MD5:826BE52F97F182988B05316488896FF5
                                                                                                                                                                          SHA1:7ECFF3C6EC7E04EFBAED0C7172193443FDBCDACD
                                                                                                                                                                          SHA-256:39803F96BD52CFD1783B3D59651405FC5868D974CDA0769378B54E878D0E32DF
                                                                                                                                                                          SHA-512:A7527B4679C750D4524F4AB6CC61C73D94F82EF5EE8C5EF55310EF2A4FB2217A5B79D662ACC6AAE370BD27D586EA72A6255B28712F0E89B3D3C47515B9D5C437
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "... ... ..",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. ....... .. ... .... ... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".., .. .. . .. . .. ..... McAfee .. ... ... ... .... ... .... ... ... . .....",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. ....... .. ... .... ... .... .. ......",.. WAIFF_TOAST_DESC_2_COHORT_2: "....... .... ...., ... . .. ... .. ...... ......",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: "... ..",.. WAIFF_BUTTON_DECLINE: ".. . ."..}..//587D3BC96BBFCC814561D97E8453CB0AA16E3850F8CA4F313F9E917704B7B7BE0D47DD925B20EFF0278E462D4371B194AE6E5C8194F2C0A1940626C13627FAB6++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                          Entropy (8bit):5.4851247359255595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uG9IvAh1IerDGuH9tvIzzh1IeLkGAlIi7dkVpJOs:fLd+LtkHtSJOs
                                                                                                                                                                          MD5:6A418F95DC477538E975D5FA06B67D31
                                                                                                                                                                          SHA1:B6669B0ED075CD62A1EDD9C144E7D1487A490E71
                                                                                                                                                                          SHA-256:16D78592AFA39C8E51087B7DF3FE0584C4973FCA831CEE01CDB76995F44102C2
                                                                                                                                                                          SHA-512:12100EB96D123ECF1230F2A5A3107E32E2035E7770A98B98B2A305292409F52A5DE3F1FC5D4E880FDE6F58013259309E3889C22FB570E08B19306C6D4BCDD975
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskytt det digitale livet ditt",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Enten du handler, bruker nettbank eller surfer p. nettet, kan de kostnadsfrie verkt.yene v.re holde deg trygg . og nettkriminelle har ingen sjanse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et kostnadsfritt verkt.y som bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiver WebAdvisor for . f. beskyttelse mot virus, skadelig programvare og andre nettrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "P.minn meg senere",.. WAIFF_BUTTON_DECLINE: "Nei takk"..}..//DB9B06E543A7D137F0775CA6C99756428AD6717442517548A6524AC1D0C9887199CB6C406B21DE58E38301D461A720E5B0B0BB1F0E7E6F9561C594B8216B5B53++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1008
                                                                                                                                                                          Entropy (8bit):5.386460388121823
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGCbQvNQ/JHeGLwpBgvNTHUQ/JHeHgjQui8QydMiQVF4NUGaUA:wbE+JjwpMU+JeaQuHx1NU/p
                                                                                                                                                                          MD5:E4ED67F4730ABD3EEC0E5171C84536D9
                                                                                                                                                                          SHA1:CB2CB6D491A06306D9D764AC20791F95C3F1B66A
                                                                                                                                                                          SHA-256:A64FFA688D3FD408B4C991392DADC2430F02C3C1D9F0031DF9121899EACF81F2
                                                                                                                                                                          SHA-512:C8FAD5C3ED40735BD371CE9D929BFACF59018AE213395B16BE82CAC5F3E6044742F219FC18ED689DF69750253E46EEB347D4ED871FBF8E47058F3BD115AB729A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bescherm uw digitale leven",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beschermt u door te voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Of u nu online winkelt, bankiert of surft, onze gratis tools kunnen u helpen om uw veiligheid te handhaven. Cyberciminelen maken geen schijn van kans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is een gratis tool waarmee u kunt voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Schakel WebAdvisor in om uzelf tegen virussen, malware en andere bedreigingen van uw online beveiliging te beschermen.",.. WAIFF_BUTTON_ACCEPT: "Zorg dat u beveiligd bent",.. WAIFF_BUTTON_REMIND_LATER: "Help mij herinneren",.. WAIFF_BUTTON_DECLINE: "Nee, bedankt"..}..//C5D45099576EED60AFBECB14D26E8D2C1629A279844ADD8FAEDE5747B146DB4093111E0661F9FA1703E51BD8FEBA14CFA32A3B6665D2E0463A209FC334

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1093
                                                                                                                                                                          Entropy (8bit):5.663628249038643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGVNFvLnLYFCeTKTv0vmNGHKZYFCeoVmPbYCjisi2d8VVNocIfLRC:PnLaKTvdckXVmPbvUO89IfLRC
                                                                                                                                                                          MD5:FC235094E605D87760AFA4E6EC715AE7
                                                                                                                                                                          SHA1:BC40F8B434E2DE0E9F6F2D27E14DBFB91B930585
                                                                                                                                                                          SHA-256:82E58C663F63B5BBC24B18CED6D297756DF12FA5F0279F760BADC189E7DC6AD3
                                                                                                                                                                          SHA-512:796863ECC0E2A8E683B91455D469DF1923084DBE3BA86765E0BEF1953F76B440350467FF6A11CFE73962AC0DFC66D16068C0E9CEB0B8F1404C8D2E36170783A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bezpiecze.stwo w cyfrowym .wiecie",.. WAIFF_TOAST_DESC_1_COHORT_1: "Rozszerzenie McAfee. WebAdvisor dzia.a w celu zabezpieczenia Twoich danych osobowych przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nasze bezp.atne narz.dzia pomog. Ci. zabezpieczy. przy zakupach, korzystaniu z bankowo.ci lub podczas przegl.dania Internetu . cyberprzest.pcy nie maj. szans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Rozszerzenie McAfee. WebAdvisor to bezp.atne narz.dzie chroni.ce Twoje dane osobowe przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_2: "W..cz rozszerzenie WebAdvisor, aby chroni. si. przed wirusami, z.o.liwym oprogramowaniem i innymi zagro.eniami dla bezpiecze.stwa w Internecie.",.. WAIFF_BUTTON_ACCEPT: "Skorzystaj z ochrony",.. WAIFF_BUTTON_REMIND_LATER: "Przypomnij mi p..niej",.. WAIFF_BUTTON_DECLINE: "Nie, dzi.kuj."..}..//5E79AD27360576221417C36C122517D930CE2

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1007
                                                                                                                                                                          Entropy (8bit):5.486847787876765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGWvGqe4TqfWHvxYLqeo3L9iGdtHVA2uVbWua:JsTmLA3LNt+1bba
                                                                                                                                                                          MD5:F7483FAA42194C903BEB4E79D0757822
                                                                                                                                                                          SHA1:B2101BA0D20E7F79749E103272279897EDA1CBBE
                                                                                                                                                                          SHA-256:FC9D8BBA5C75F318ECF6040449F40A06DEC59860B94EB855CBC7440416B030C0
                                                                                                                                                                          SHA-512:BF4CE34990B1D75FB3260BDDE7EC7012108336DCBF1417F3C9413DA5D61B8E05D78E80184A99778D8519225FA42357669FF5FDD9A512CCB5C7F2A7F26811AAF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabalha para impedir que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Seja para comprar, fazer transa..es banc.rias ou navegar a Web, nossas ferramentas gratuitas podem ajud.-lo a manter-se e seguran.a -- e os criminosos cibern.ticos n.o ter.o a menor chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uma ferramenta gratuita que impede que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para proteg.-lo contra v.rus, malware e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Proteja-se",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar-me mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//05EF87C124705522A44094E03E10AD13384C7B6C2E9C009D7021E950DB1F14D10BAC436E43C26B4AAC1BBBA33D80DBA4AE4942AB3F0F65F63DFDA88F84C

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1038
                                                                                                                                                                          Entropy (8bit):5.450247041256477
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGWvXqemtvxo8lo8Fv0YYqeorp9i7d0HVn1WN45:munlVYArpm0/WN45
                                                                                                                                                                          MD5:B40D10BBE04592B1EAFEA00BC24F677F
                                                                                                                                                                          SHA1:0389D3CA31A8387AB9A307B5914D7936A32A858A
                                                                                                                                                                          SHA-256:4788FD904E4EFF99BC2232F7ED0306B99AB52078F6006FB2E4CF24750BA509AD
                                                                                                                                                                          SHA-512:86B5B5255A0448C1362DF890BF4F21C29702AA2C976C868542F8B42DA2FA37D091AFDB357575D5048212ACEFF3DA73BF3F78DDD51918F6E3D117EAD19BB02D3E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "O McAfee. WebAdvisor trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Caso fa.a compras, realize opera..es banc.rias ou navegue na Web, as nossas ferramentas gratuitas podem ajud.-lo a manter-se em seguran.a, e os cibercriminosos n.o v.o ter qualquer hip.tese.",.. WAIFF_TOAST_DESC_1_COHORT_2: "O McAfee. WebAdvisor . uma ferramenta gratuita que trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para se proteger contra v.rus, malware, e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Obter prote..o",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//FDED51B6B9F9B5E6200E35ED5D2B59F11193BB163D1928B19013A1D4F42BB69F3997029516A8D18E0A2EE7ABB7C9

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1396
                                                                                                                                                                          Entropy (8bit):5.236803505318647
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGgmLHv4r6HeS0WPHH7XQfOc5TwvFovr6HeyHiM7avIixQd3ImlV4JBjc6hTSF2:amMm7Uh2zaq43jLSF2
                                                                                                                                                                          MD5:848AEE666CB1351F3980A29D3AF7A1D4
                                                                                                                                                                          SHA1:0D3838743B9C4EFF15F4305960B94D427D380FDE
                                                                                                                                                                          SHA-256:49AD1FAB3C4EDD993D85BA4E3D0FFE5A7F155CAB64FB0A838723F2A03E856EF3
                                                                                                                                                                          SHA-512:787F4FD5D021C06B72446B38EC29B0F300D22677B108255A9DE066D1BB8888978D0C97253EF6853E04D2AE9E108FC11F41F29EBBDF6A7B8069B1E127A45B810A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........ .... ........ ...",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ............ .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".......... .. ...., .......... .. .. ......., .......... ........ ... .............. ...-........, .... .......... ........... ....... .......... .... ...... .. ..... . ..................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . .......... .........., .............. .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_2: "........ WebAdvisor, ..... ........ .... .. ......., ........... .....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                          Entropy (8bit):5.789596697093949
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGqvUTke2+u4Z2M2vtd2keuEAvECuiFdCVtxdvGi5:s2OvpQdvGi5
                                                                                                                                                                          MD5:4C44491023BCACE71B5B5670F01A82A7
                                                                                                                                                                          SHA1:BC9972C3BDBF6899B18FB4ECF0C1E3CE9400624A
                                                                                                                                                                          SHA-256:C2C62F53C1E694275AA783F1F88C4D92124ACE06371767F675F1D59DE1AD04CA
                                                                                                                                                                          SHA-512:014D4E1053D6DF17CABDE226FF95BEF3697022F0B0309A664E6AD1571FF16AD39674D5B7C1B2C1B8CE75A2478887842AEF6B0A4001667FB7295A6EB6FAAD42FF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Chr..te svoj digit.lny svet",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor v.m pom..e ochr.ni. osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Na.e bezplatn. funkcie v.s ochr.nia pri nakupovan. online, elektronickom bankovn.ctve alebo prehliadan. webu a.nedaj. .ancu kyberzlo.incom.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, ktor. ochr.ni osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Zapnite WebAdvisor a.ochr..te sa pred v.rusmi, malv.rom a.in.mi hrozbami, ktor. na v.s ..haj. online.",.. WAIFF_BUTTON_ACCEPT: "Z.ska. ochranu",.. WAIFF_BUTTON_REMIND_LATER: "Pripomen.. nesk.r",.. WAIFF_BUTTON_DECLINE: "Nie, .akujem"..}..//8A1B5EE10C8E25E733EAE75F94326C9EBD06FD2B2389C9F90E47F60863FA165375EF6841B40C92DF512BB6A46DF74CC134266F4854A6411B030135D935C6CBDA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                          Entropy (8bit):5.575857341922756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGjvY4FembeVgtvKSFe0WLmLTlwFi1dAVOtrK4Di:mlQJnlH7vDi
                                                                                                                                                                          MD5:3DCE958EEE4B291C1374E4CE48C8CFC0
                                                                                                                                                                          SHA1:6F35CEB254B50FD23119E250FBF5DB8BC6D29DE5
                                                                                                                                                                          SHA-256:72A5A13B2FF562300BD16973D4F7568141EFA434C913A170659C34D8DC0771A3
                                                                                                                                                                          SHA-512:90E3375E253E34698466C1FEB79DDCD8F2DB8F23F44ACF75F6800A9ECE441CCE0FA54850D51503DA673AF148B4997FFC1EC53B3C56E1BE873B29BC978475977F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor radi na .uvanju va.ih li.nih informacija od padanja u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, koristite bankarske usluge ili pretra.ujete veb, na.i besplatni alati mogu sa.uvati va.u bezbednost-- a sajber kriminalci ne.e imati .anse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatan alat koji .uva va.e li.ne informacije od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite da vas WebAdvisor za.titi od virusa, malvera i drugih pretnji po va.u bezbednost na mre.i.",.. WAIFF_BUTTON_ACCEPT: "Za.titi me",.. WAIFF_BUTTON_REMIND_LATER: "Podseti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//6DFEACC2836F5543D2955E6A9A48708DCAA122531C0857F611AD5F38A9149EA8E949381DD2CCB4B54C8FA540FE331E657EC77F617F084D9215FCAC3A8288F922++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1002
                                                                                                                                                                          Entropy (8bit):5.520357138204716
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGKlvc49IeIuZR6/Otvo6WT8E9IehgNMxi72dUVIE40TMCO:Y9au+2M8E9nqMSOk40Tu
                                                                                                                                                                          MD5:53291E841F78133612D2CEED35493ED5
                                                                                                                                                                          SHA1:FCB7CC3152F472EAD955E6F97A3E77B671F29FE7
                                                                                                                                                                          SHA-256:91C7B0C5EFDB5F40020B33EE626DA0850037CA3FD2617C6C6E4B3379E764DB6B
                                                                                                                                                                          SHA-512:EC705FD1EC2CED44D3DFF507A31FB2A9C68B0A898A89436A16D07E1DAAA1E646A5176826B2A0A8D3DD099D9EB0F507B3E3EB31D6E3B2E89329FB3A08461B3DC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Skydda ditt digitala liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor jobbar f.r att f.rhindra att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Oavsett om du shoppar, utr.ttar bank.renden eller surfar p. internet kan v.ra kostnadsfria verktyg hj.lpa till att h.lla dig s.ker -- och n.tbrottslingarna kommer inte ha en chans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor .r ett kostnadsfritt verktyg som hindrar att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivera WebAdvisor f.r att skydda dig mot virus, skadlig programvara och andra hot mot din s.kerhet p. internet.",.. WAIFF_BUTTON_ACCEPT: "Skydda dig",.. WAIFF_BUTTON_REMIND_LATER: "P.minn mig senare",.. WAIFF_BUTTON_DECLINE: "Nej tack"..}..//C5DD8703598B1C9479B775D8F6F05687A39282CD92FB6A023340F583B775703103F997B78EE840C68B0AC8E9E096424BAAF8638993526AE0DF63021E560A88CA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1061
                                                                                                                                                                          Entropy (8bit):5.631821293910584
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGS2QvNaIeIse0jz0CtBsvzCOvje4DFkNHiNQd1NHVcdVQDV:PaahjzHtWbnZMH2QR
                                                                                                                                                                          MD5:AB0BCF641E9CB622F5D3741D36A5F4E4
                                                                                                                                                                          SHA1:72E37992E0C57E0AD44E0D03472D134898C10139
                                                                                                                                                                          SHA-256:C2BF08768A67C13DDB703BE667E1A4BFFA71B724D1E7A4E70BF7E09135B0AADB
                                                                                                                                                                          SHA-512:2EE897FF17F8CD91E4D47AB275CD00F8FF36921E6E70E67EB67C2D57ECA329C8996E059EF0D4798F77A4E4011A53C9AED97279E9788D7BDEFAA229FEE2CC1BEC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Dijital ya.am.n.z. koruyun",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ki.isel bilgilerinizin yanl.. ki.ilerin eline d..mesini engeller.",.. WAIFF_TOAST_DESC_2_COHORT_1: ".ster al..veri. yap.n, ister banka i.lemi ger.ekle.tirin, ister web'de gezinin, .cretsiz ara.lar.m.z g.vende olman.za yard.mc. olur; siber su.lular.n hi.bir .ans. kalmaz.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor, ki.isel bilgilerinizin yanl.. ellere ge.mesini .nleyen .cretsiz bir ara.t.r.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Kendinizi vir.slere, k.t. ama.l. yaz.l.mlara ve .evrimi.i g.venli.inize y.nelik di.er tehditlere kar.. korumak i.in WebAdvisor'. etkinle.tirin.",.. WAIFF_BUTTON_ACCEPT: "Kendinizi koruyun",.. WAIFF_BUTTON_REMIND_LATER: "Daha sonra hat.rlat",.. WAIFF_BUTTON_DECLINE: "Hay.r, te.ekk.rler"..}..//4733763885A4F0CBE71F154E1732926C5B3F517B835BE9F1FFED7C084CC221CD03B64

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):917
                                                                                                                                                                          Entropy (8bit):6.338078767595641
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGFvQsaInleBd82wvxsnInlehoyliIodS8Vqwr7KFTiX:RaI4i2ZnI9b77X
                                                                                                                                                                          MD5:E31EA455A252A16AE63F571F2558F351
                                                                                                                                                                          SHA1:85A4C98F9EE863BD0693BF4F8DAF3DE9754232A6
                                                                                                                                                                          SHA-256:F6B8C644C71CDEFB6036915531C3D328E73F0A149980C7862005B61B55329315
                                                                                                                                                                          SHA-512:A38C87841714CC7AE187982563FCDA2E20EDB8D1158E3E49E6DBDF82EEDD0E2386C778D8A0C3E9C7E32EE419F6164BF4B530BFA4C75A0AC16112E39BA01F8B15
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: ".... ...................",.. WAIFF_TOAST_DESC_2_COHORT_1: "........................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: ".... ............................",.. WAIFF_TOAST_DESC_2_COHORT_2: "................................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "...."..}..//08C118F48DCB5DD454C97A1A4508971B7DCFF3A730E987EB761E4D2B0CFF573C8B2488DF2CD9622F41BDAAE55C8B681BAF049B42077D685BB3AA3920153EA4F0++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):915
                                                                                                                                                                          Entropy (8bit):6.381419326448278
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7uGYvJeiCCpqKvZeedNsyinkdSgVq4YNj1IL:GJRNxJL
                                                                                                                                                                          MD5:068397E779297050800B9E8653111EAA
                                                                                                                                                                          SHA1:ECFDC61B0C92DEE9A9432FEE1CCBC4427D99E1EA
                                                                                                                                                                          SHA-256:9EBDDD6060785D2F9272D288B3B92FCDF97C83F55BE7F6070D9EB037CE223EF3
                                                                                                                                                                          SHA-512:EF531CC79F85AA9801EFF83D4E67658B45DCDCE3BE94DD6BBCF276EF5045353D82FAD0183ECD19A9E7A2384B0FF69AE53E37623EB5F2945DA78ACD107696F92E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor .....................",.. WAIFF_TOAST_DESC_2_COHORT_1: "...............................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor ..........................",.. WAIFF_TOAST_DESC_2_COHORT_2: ".. WebAdvisor ...........................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "......"..}..//44005B08579073257891516EF9EBDA28F27E9BB3644446D2278395347CEF382BE2D68259C9C47D7D7DE5BFDBC55C4E42BCEB91C5ECE4F45970626C57B3F613BD++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4962
                                                                                                                                                                          Entropy (8bit):5.646884833588854
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Ht5PSpPUGEAopoM4odOR9EPH1h1bTzUXToCnqIK92n4laxOQDgu+:rqpcGEAQ54ROdhlTCTXqIKM4lansu+
                                                                                                                                                                          MD5:4E27D3782D712E0D08FEC2F9775ADA9D
                                                                                                                                                                          SHA1:AE9D9012D8021A1D0D2D42C8C31C5F3E6D367BB1
                                                                                                                                                                          SHA-256:628FDB0502503B8AA055E24C2D156FED737ACD8F48F3B5E1CD9DB9DC6FB7C233
                                                                                                                                                                          SHA-512:F70122D10100CAB9B549F3FC573356845AB9EC2DEBD209088CB70780BBE88DA7A8670E1DA540087AE03997500A484B254C8C5443A41C48A748DF0D9927725EBE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ete svoji ochranu na internetu . ZDARMA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Jen tak d.l!",.. OEM_TOAST_VARIANT_INFO: "M..ete se na internetu c.tit mnohem bezpe.n.ji. P.idejte zabezpe.en. vyhled.v.n., abyste dokon.ili ochranu p.i proch.zen. internetu McAfee a zv..ili sv. bezpe.. na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Aktivov.n.m zabezpe.en. vyhled.v.n. jste dokon.ili nastaven. ochrany p.i proch.zen. internetu McAfee.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Zku.ebn. verze antivirov. ochrany McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana internetov.ho prohl..e.e",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prohl..e.e je va.e linie obrany proti nebezpe.n.m webov.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4454
                                                                                                                                                                          Entropy (8bit):5.394761777553124
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Hud7h5xpL1yuPQacJspPbkwriNTSwcvEFyFQFgvQ:M7hTpByuodJspPbrriNmwcvkZFg4
                                                                                                                                                                          MD5:A659B76FE11F00CB564DE596F0123016
                                                                                                                                                                          SHA1:C70CA0AF3D7DBAE353635B8BA1D386D31397B828
                                                                                                                                                                          SHA-256:0A13969EEDBD963E86564D087DFF16C7ED3FE55872F1CB0468AFEAE0D85C2848
                                                                                                                                                                          SHA-512:9BE6B449A761B1919C2EF07EFE7117C242F1260DDC5DE535F814F1BAD7FAAADBDD4C4950ABD46FB574429A8CC267E3B654694A54F2C7E4CC57AF51701DD37E6E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "G.r konfigurationen af din onlinebeskyttelse f.rdig . GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.dan!",.. OEM_TOAST_VARIANT_INFO: "Du kan have en endnu bedre beskyttelse online. Tilf.j s.gebeskyttelse for at g.re konfigurationen af McAfee Web Protection f.rdig og forbedre din sikkerhed online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har afsluttet oprettelsen af din McAfee Web Protection ved at aktivere s.gebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversion af McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeskyttelse er din f.rste forsvarslinje mod usikre websteder, links, downloads, malware og meget mere.",.. OEM_TOAST_VARIA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4525
                                                                                                                                                                          Entropy (8bit):5.357913243879113
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Hu7HbtZh8r8XUawmvah/R70a0+PNIk02+qjdLcSpQk86B:yHbF8rbme/RRpOk02+QtcSuk86
                                                                                                                                                                          MD5:1784B37BB34D9318CF61BB12542473BB
                                                                                                                                                                          SHA1:8A419D0B5CD92F8EA7A6DD501833EB932533FD28
                                                                                                                                                                          SHA-256:B13B2FDF8304A8FFE6FA74AFDFA066B1B7191E9D6C0A4B51CB24299032EFEB4E
                                                                                                                                                                          SHA-512:8D0CA8C3B407937505DF6F7E374AB1C8CB375D750F7920A9968B22625E504D7465D34618CE864FCD34D9627F13D610CD3E6A2397578FCF82F4641110D7A2FD1C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Komplettieren Sie Ihren Online-Schutz . KOSTENLOS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Sie nutzen nicht alle Funktionen!",.. OEM_TOAST_VARIANT_INFO: "Ihr Online-Leben k.nnte noch viel sicherer sein. F.gen Sie Online-Suchschutz hinzu, um den McAfee-Webschutz zu vervollst.ndigen und Ihre Sicherheit im Internet zu erh.hen.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Sie haben den Suchschutz aktiviert . der McAfee-Webschutz ist jetzt vollst.ndig eingerichtet.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee-Testversion",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Browserschutz",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Der Browserschutz ist Ihre erste Abwehrreihe gegen unsichere Websites, Links, Downloads, Malware und mehr.",.. OEM_TOAST_VARIANT_F

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6944
                                                                                                                                                                          Entropy (8bit):5.098772797667829
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HwrU5F9ob1w9r4vQZEiH/MkCyf9Wxi8+cw2tV9fnozQRfQ7oRvt:QrU5FixMrp/MksxbhtV91I7oRvt
                                                                                                                                                                          MD5:38A0E4A175309DB73A17985840ECB41E
                                                                                                                                                                          SHA1:0EC458BDBED8B956044710CDE092D5104B8BCBC9
                                                                                                                                                                          SHA-256:492BBCB89A9DCF4D33E173632CC93FD85CAD46542F9C4136E11531089870A1D9
                                                                                                                                                                          SHA-512:531BD90BE6AC65954F34FA5E199F39C1DDF171BD5D5279CA7CAAFD3786B5590EC063BAF8C06928E83DA835DF12C640C79BBA57669BFFDC35A0FA38F374D197BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........... ... ........... ... ......... . ......!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: ".... ........ .. ..... ... ........ ... .......... ......... ... ......... .......... ... .. ............ .. ........... ... ......... McAfee ... .. .......... .. ........... ... .........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............ .. ....... ... ............ ... .......... McAfee .............. ... ......... ...........",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...... McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABL

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4727
                                                                                                                                                                          Entropy (8bit):5.36476564696804
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HVm7IJTUE/c0dnhD6HaTKz+cfItWHMtDJHRLWyk7mEQheM0FP:IYUcno6mpbONH5Wt7mPheMCP
                                                                                                                                                                          MD5:D93BD044D71235CD5B1D2126B1A5FD68
                                                                                                                                                                          SHA1:239D7C744E60871D825505B9B559527741BB65BC
                                                                                                                                                                          SHA-256:635CC2808EAA48CC3D6FBBD71135858542DDC257B48DD4A4EE99BFAF44FEEA91
                                                                                                                                                                          SHA-512:DBE1474B9733D6EB0BD54E0A3E6A7D0C81B8B4C8C81B1EC22B67E23D508EDC525EB47C5063B3DC8B9F6A6ECE87D18603EB4EDF32DFB02D991767BE4A0B6AF25B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Refuerce su protecci.n online GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Muy bien!",.. OEM_TOAST_VARIANT_INFO: "Puede navegar con mucha m.s seguridad. A.ada una capa de protecci.n a sus b.squedas en Internet con McAfee Web Protection.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Ha terminado de configurar McAfee Web Protection con la protecci.n para las b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Versi.n de prueba del antivirus de McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n para navegar por Internet",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es su primera l.nea de defensa frente a sitios web, v.nculos y archivos de descarga poco seguros, adem.s del malware y otras amenazas.",.. OEM_T

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4645
                                                                                                                                                                          Entropy (8bit):5.372840787353813
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H+uLpSRLUr0y8YDhD5MkLb6kyoRV41uRyrF4QVP2q:euLiQgu4kLbLyqMuRAFjVPX
                                                                                                                                                                          MD5:A394E17B5CA626ABAAA6467077B3E5DF
                                                                                                                                                                          SHA1:DAB7412F54533E5345D0458468DA19FC6E5BD101
                                                                                                                                                                          SHA-256:340F71C8D0C4CE43CB6194F1387968363696FB6F3CB57643993CAF498FFFB578
                                                                                                                                                                          SHA-512:FB9EA9016FD929604412B7C3059900A378A7C7CF274F997825466963C1E148E09C78AAFDF728BC191891A3CA7E85809EA003E7E9B04E7DB6E03B95C3FC7BAC79
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa tu protecci.n en l.nea. .GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Fant.stico!",.. OEM_TOAST_VARIANT_INFO: "Puedes estar mucho m.s seguro en l.nea. Agrega la protecci.n de b.squedas para completar McAfee Web Protection y mejorar tu seguridad en l.nea.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Has completado la configuraci.n de tu McAfee Web Protection activando la protecci.n de b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prueba de McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n del navegador en l.nea",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es tu primera l.nea de defensa contra el malware, los sitios web, las descargas y los v.nculos inseguros, y mucho m.s

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4369
                                                                                                                                                                          Entropy (8bit):5.382012747965098
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HCY1buqqISrqXmaENWWAyROr+DTVgjifdQhdM:i2bURGOAlyROrWgjCCha
                                                                                                                                                                          MD5:67318590DD6DCF9C9FDEB28CBD2B08B3
                                                                                                                                                                          SHA1:D60B883105C993EED5C3BB48C043BB89B67F6277
                                                                                                                                                                          SHA-256:3BE92620EAC468E3550D908D89514979A3EC0F37260DD771DC5922A90D0391A0
                                                                                                                                                                          SHA-512:1DF0CEE261A720F7DFA11A4736301404C4DFAC1952E135766475E4E7DB886B2EFA3EBDF32D2EFDC5DF9360BA7DE6AAE3FB2506CBD05646CAE5C73A2FDB1BC2FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "T.ydenn. verkkosuojauksesi . MAKSUTTA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Hienoa!",.. OEM_TOAST_VARIANT_INFO: "El.m. verkossa voi olla turvallisempaa. T.ydenn. McAfeen verkkosuojaus hakujen suojauksella ja paranna turvallisuuttasi verkossa.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Viimeistelit McAfeen verkkosuojauksen ottamalla hakujen suojauksen k.ytt..n.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus -kokeiluversio",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Selaimen suojaus verkossa",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Selaimen suojaus on ensimm.inen puolustuslinjasi muun muassa vaarallisia verkkosivustoja, linkkej., latauksia ja haittaohjelmia vastaan.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Hakujen suojau

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5002
                                                                                                                                                                          Entropy (8bit):5.3618244169536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HZzGKZjPEluOR2wzvjc8/MWaAE+XZKn3mTvARBdphbmbQQQJA3jqtQjQ7cjUgLn:lVEzx/Zk3uvAdfdJo1jzTn
                                                                                                                                                                          MD5:6A3D4851DB8F6174B5B39B11ADD93574
                                                                                                                                                                          SHA1:700B972FA021989DE003E925683A5F80D5ED495D
                                                                                                                                                                          SHA-256:88DB68AB507E55379EEEA8411B174C649E878BED65D021F355BC6CCD76270FED
                                                                                                                                                                          SHA-512:49E4F91CDFE623BA29D6FAD87188F5015A0E885DAA6E9B7502DD29B3D37F5A9D3944A83AF4988249375405DCF107D5C27B2C5C55AC911D084ED82BC1D6313B4A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Compl.tez votre protection en ligne - GRATUIT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Quelle bonne d.cision!",.. OEM_TOAST_VARIANT_INFO: "Vous pourriez .tre beaucoup mieux s.curis. en ligne. Ajoutez la recherche s.curis.e pour compl.ter la protection Web McAfee et pour renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez compl.t. la configuration de votre protection Web McAfee en activant la recherche s.curis.e.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation gratuite de l.antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur est votre premi.re ligne de d.fense contre les sites Web, lie

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4951
                                                                                                                                                                          Entropy (8bit):5.368494552125785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H1dQtHATWE0/hUcGNyFmjjc8md8QPSsnRxKGF7juyNmYSff9j5rQgFSS:VKtrE0pIUL6sR727FBygFSS
                                                                                                                                                                          MD5:056063BDD96CE5802216A7249606D273
                                                                                                                                                                          SHA1:6C34DA5D6E8EE775472DD0740249DDF612C01264
                                                                                                                                                                          SHA-256:0B1C31A69CD1D5C9EF04D5DB7460B63F5109A6CEAD5D94659B19D8887188A11F
                                                                                                                                                                          SHA-512:CBE2BF3AF47CC40F441A9FC2B41756A37DA6C2D658F1D2FE8B29E3B56631B1B8BB038DDFA119AB7BB4F796FCC7A731469790378D8059B1015124361F8D685B1D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Terminez la configuration de votre protection en ligne . GRATUITEMENT.!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Bravo.!",.. OEM_TOAST_VARIANT_INFO: "Vous pouvez .tre beaucoup mieux prot.g. en ligne. Ajoutez la protection des recherches pour compl.ter votre protection web McAfee et renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez termin. la configuration de votre protection web McAfee en activant la protection des recherches.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation de l'antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur constitue votre premi.re ligne de d.fense contre les sites

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4651
                                                                                                                                                                          Entropy (8bit):5.4634190327462555
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HCsNsKVqer5TZNOZG9OBhwMsvA0+Ovho6rQYBoF:zNsiqsZ4cM6A0+Ove60YiF
                                                                                                                                                                          MD5:8780E1A0A4EC2CF2FC79819AC33B409E
                                                                                                                                                                          SHA1:19CA2AC32060FB749041CECC15CD28458E7FD07A
                                                                                                                                                                          SHA-256:388719F06F56B3B99ACF659127F76A968EF22F46DA3F4BCA540C613BCAF12AD8
                                                                                                                                                                          SHA-512:FA9F7697ACF3B815760152349DDC1B01D0AC1F10AB19B91E6411486E0A0E2AF3B1A310FD260286CC8B57D927824AAE6876D3D6FFBE4CE728DEAB8A7CB69B5F22
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dovr.ite svoju online za.titu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tako treba!",.. OEM_TOAST_VARIANT_INFO: "Na mre.i mo.ete biti puno sigurniji. Dodajte za.titu pri pretra.ivanju kako biste dovr.ili McAfee Web Protection i pobolj.ali svoju sigurnost na mre.i.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Dovr.ili ste postavljanje svoje McAfee Web Protection omogu.avanjem za.tite pri pretra.ivanju.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita preglednika na mre.i",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita preglednika va.a je prva linija obrane od nesigurnih web-mjesta, poveznica, preuzimanja, zlonamjernog softvera i jo. mnogo toga.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4620
                                                                                                                                                                          Entropy (8bit):5.543617473209933
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HfqjRDpi/v3XWyYNDX5XcmPcnrW2S6CatskM0QlH7ct:/q7gGFDX5dorWKskCF7q
                                                                                                                                                                          MD5:8C673408D8CA2ECC2C413D6E1DBBCD92
                                                                                                                                                                          SHA1:3CA8B4AFF0D8B913A6B4DF15801BAC1CBB8810F9
                                                                                                                                                                          SHA-256:18BCD1DB9FD5A0D472EE8126A777EB88888BADE3C309FD50865D3BFCA229ABA4
                                                                                                                                                                          SHA-512:814B71BE326D93E7402ABF685AAF6D5CA8A6DC954934FE40AE6F3C4A923620C6456667B281FD61E5EED9347E1092563D2778B7DD43D7D85586CF5DCAD1DBD544
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Eg.sz.tse ki online v.delm.t . INGYEN!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Nagyszer.!",.. OEM_TOAST_VARIANT_INFO: "M.g nagyobb biztons.gban lehet online. Enged.lyezze a v.dett keres.st, hogy teljess. tegye a McAfee webes v.delmet, .s n.velje online biztons.g.t.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "A v.dett keres.s bekapcsol.s.val befejezte a McAfee webes v.delm.nek be.ll.t.s.t.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee v.rusirt. pr.baverzi.ja",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online b.ng.sz.v.delem",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "B.ng.sz.je v.delme a frontvonal a nem biztons.gos weboldalak, hivatkoz.sok, let.lt.sek, k.rt.kony programok stb. elleni biztons.g ter.n.",.. O

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4608
                                                                                                                                                                          Entropy (8bit):5.24552695607158
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HQj/oecik1Rs8CwrTww7Jr6QdIBOG1XY4RO2YC+qQAjx2:4/obl1VnUw7Jr6QdIh1XY4RO2YC+pCw
                                                                                                                                                                          MD5:5868296FE9E4C2686EBA44ACC7736D37
                                                                                                                                                                          SHA1:083037480237422BA7042B443B9B8EDCDC91E1AE
                                                                                                                                                                          SHA-256:612726B0CBFF2FC22923ED4AF818328F1322679C2680B7D7278AE77FEB4F5344
                                                                                                                                                                          SHA-512:0E1830C3AEE62177D48C70998E25AADA0F9DF3EFABB93351336C0894FE9FF91117FF1D6A46C1E299C75B8AB8A2F2F8A4D1E880592E7E36E79FAE9718338276BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa la tua protezione online - GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ottimo!",.. OEM_TOAST_VARIANT_INFO: "Puoi migliorare notevolmente la protezione online. Aggiungi la protezione delle ricerche per integrare McAfee Web Protection e migliorare la tua sicurezza online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Hai completato la configurazione di McAfee Web Protection attivando la protezione delle ricerche.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prova di McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protezione online del browser",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protezione del browser . la prima linea di difesa da siti Web, collegamenti e download non protetti e dal malware.",.. OEM_TOAST_VARIANT_FEATURES_DISAB

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5215
                                                                                                                                                                          Entropy (8bit):5.859003972604919
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HaYG+SPT4mep9K9B95H1bccLyf/9f71bYwNKiVEVH9skXbrbQCQ6L2nKQKUGC:q+SPT4mnh5d/KVYwNZiZ9RrOJ6C
                                                                                                                                                                          MD5:A541AF3628C6487A87229D6ED38970FE
                                                                                                                                                                          SHA1:259D22A54D1694ACEE13888FF0982BA325E142A7
                                                                                                                                                                          SHA-256:2C5CB26A55EA781490D1FECE3F78535711BA884B4E899DA5B3F7C731890BE86C
                                                                                                                                                                          SHA-512:0D7056DE6AD94E30ADE7EFC671C54EE5A81E4910A6B7922A71423A8260624EE2BFC3F6FCBC00E83A84439389BD6C5CC6B874D6CB060443C21D84B426DE03C6E5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "................. - .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".......",.. OEM_TOAST_VARIANT_INFO: "............................... McAfee Web Protection ..........................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".............McAfee Web Protection ...............",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "..... .............",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".........",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4770
                                                                                                                                                                          Entropy (8bit):5.834460120265474
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HNby+JvldshnPhOVGUZoI+0MYAT2T1eHEzdaVQkwpSMH:tGk3sNhxHI+0cUKu06kTMH
                                                                                                                                                                          MD5:80CD4DA8CD225A78DDF3E73CBE51EABD
                                                                                                                                                                          SHA1:334ECADEBD1686FB1465CA4BA38FB29652F0EC54
                                                                                                                                                                          SHA-256:1334BEC9DC21AA478DEA12A868AA7FDAF1A95990C1015019DDBE6B90907BBA65
                                                                                                                                                                          SHA-512:581CE2F5BDE668724560657C0FD577ECB28361D3EDBC31A53E125EC06E4D0334C941120E424F4365F3BDE92316191F59F4741EB3280565B33FEA206E3917AD6F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "... ... ... ... ......",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: "... ... ... . ..... .. ... .... ... McAfee . ... ... ... ... ......",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ... ..... McAfee . .. ... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee ...... ...",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "... .... ..",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".... ... .... .. . ..., .., ...., ... .. .. ... ... ......",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4467
                                                                                                                                                                          Entropy (8bit):5.38161829670382
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HqSH3f2pqCBDGeE36ZmcQf5xPCN1LeCYrWbVhYqeQGE/MSbIY:KmW4eClJ/PCN1LXYr2LYqdGE/xbR
                                                                                                                                                                          MD5:86593197A71C0F209DBE3A68004CB7C9
                                                                                                                                                                          SHA1:6509AD251FE7DEF618F906752413A5AE514BD5CF
                                                                                                                                                                          SHA-256:7F7CDDF4F4E42063B3E81598D9879E0B7DE40F496573E0DE47BF184AAEFD1C90
                                                                                                                                                                          SHA-512:44221D254012DF747CB82A727F98C8B029AF4681CB0348A9CC60898D17D27BEB061987934255F490FA000CB93B24EBF53E42D65C84570E7A6A3FECEADDCF000A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Gj.r nettbeskyttelsen din komplett . KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ikke verst!",.. OEM_TOAST_VARIANT_INFO: "Du kan bli mye tryggere p. nettet. Legg til s.kebeskyttelse for . gj.re McAfee nettbeskyttelse komplett og forbedre nettsikkerheten din.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du fullf.rte konfigureringen av McAfee nettbeskyttelse ved . aktivere s.kebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversjon av McAfee antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Nettleserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Nettleserbeskyttelse er ditt fremste forsvar mot usikre webomr.der, koblinger, nedlastinger, skadelig programvare med mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4299
                                                                                                                                                                          Entropy (8bit):5.379409348781231
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H2AwS9S9NzRHuSpGikmkH4XRgPKvpR1E1B2azPDcF2g+FeksVMkgR1pfQ55C:WAweeN9hGikmkHDKpRS1EaTDw2g+Ffs8
                                                                                                                                                                          MD5:C2AB04CD7E5E26640BB7A66E7B3EFDA5
                                                                                                                                                                          SHA1:C0448971C5B43F92FB83436E7391B995BFF941BB
                                                                                                                                                                          SHA-256:549457A9156FCBD81D5B46844D6DCC85FD983E44A25F510B4BDF8A60A0A52346
                                                                                                                                                                          SHA-512:ED59892217E479264C8AE724A0CE254D5DF74862BF2033F947E7535F9E1E0ED32BDB3BA1FD0C98CAC15499CE60A7057B7B841BDF427DA518C0CEFB3B685E2B0A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Voltooi uw online bescherming . GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Goed gedaan!",.. OEM_TOAST_VARIANT_INFO: "U kunt online veel veiliger zijn. Voeg zoekbescherming aan uw McAfee-webbescherming toe en verbeter uw online veiligheid.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "U hebt het instellen van uw McAfee-webbescherming voltooid door zoekbescherming in te schakelen.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Proefversie van McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeveiliging",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeveiliging is uw eerste verdedigingslinie tegen onveilige websites, koppelingen, downloads, malware en meer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Zoekbescherming",.. OEM_T

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4749
                                                                                                                                                                          Entropy (8bit):5.577135253793333
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HeH6Ry8L5clQB1MuoIbuNO8Q2STtWQLpXsJi6jiTZ/80zthQX2w+:+Ht8tclQB1AnO8Q2STtWQLpXsJrEZ/8Y
                                                                                                                                                                          MD5:6B0584C8750221C9B143AD8E4851F97E
                                                                                                                                                                          SHA1:BAF3739AB3EB0EC8D737B0CDD7019D9770B26540
                                                                                                                                                                          SHA-256:A129819ED747FABDE12841BFB9B25DEC69CF9FF4E25E96BCB73E5AE58400E560
                                                                                                                                                                          SHA-512:7491F8665167EC0E4F56F66313769EF894BD8D77DFBED027AB15A2C16297EA81287D79265E25DC4A11CF2C6B3A19F24F9EBD8134738EA37CDF263A63C4F3F56A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Wzmocnij swoj. ochron. w Internecie . BEZP.ATNIE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Dobra robota!",.. OEM_TOAST_VARIANT_INFO: "Mo.esz mie. znacznie wi.ksz. ochron. w Internecie. Dodaj ochron. wyszukiwania, aby wzmocni. ochron. funkcji McAfee Web Protection i zwi.kszy. swoje bezpiecze.stwo w Internecie.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Uko.czono konfiguracj. funkcji McAfee Web Protection poprzez w..czenie ochrony wyszukiwania.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Wersja pr.bna programu McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrona przegl.darki w Internecie",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrona przegl.darki to pierwsza linia obrony przed niebezpiecznymi witrynami, ..czami, pob

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4556
                                                                                                                                                                          Entropy (8bit):5.392364845070507
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Hlahgzv62PaQaLuR89CrPnzGS77lq+XQsnaS:FaqvFL7R89MPnzGS77U+AsaS
                                                                                                                                                                          MD5:E620EE0E71FD5179379A8C1D4FCA2405
                                                                                                                                                                          SHA1:9ECC0BEDF394A26462DAAA0A8339A5A2116E6BB2
                                                                                                                                                                          SHA-256:B857F08E6793D3A7D1F7FCAB2CC03729864929D40890AC508CAA9C163C8C401F
                                                                                                                                                                          SHA-512:E51CCBB50DFC2050608EA7CD9250061D7DD09E34CDA9B0966F2E8EE3833D4A76C4C0312F1A3AEBA825568BA5A85726BD81BF32470A0B1C2A4ECD5E0FB9919E2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Conclua a sua prote..o on-line GRATUITAMENTE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ". isso a.!",.. OEM_TOAST_VARIANT_INFO: "Voc. pode ter muito mais seguran.a on-line. Adicione prote..o de pesquisa para completar o McAfee Web Protection e aumentar sua seguran.a on-line.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Voc. concluiu a configura..o do McAfee Web Protection ativando a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o gr.tis do antiv.rus da McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o do navegador on-line",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o do navegador . sua primeira linha de defesa contra sites, links e downloads inseguros, malware e muito mais.",.. OEM_TOAST_VARIA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4478
                                                                                                                                                                          Entropy (8bit):5.365427676170518
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HI2q8anq+9cCh9FcTVvtObxsp0R1vsfYRq+XQwgac:o38eq7CTWRvtO6pe1vsfYg+Awdc
                                                                                                                                                                          MD5:1FFACA84AB047522238575D26444B1C1
                                                                                                                                                                          SHA1:E3A08051A07F92F334B6DE958336F1C3A503BCC9
                                                                                                                                                                          SHA-256:F669083F2800C6CC1BE35B992CDA2922B55A493A6076260782D088524DB56DF8
                                                                                                                                                                          SHA-512:3DF57FB94FBA7BD6E33381DF5F150AE3D7E49FA655283EDA272F371AE2267D599C10CC442EFD3D3BF960F739B293B2B3F1CE4705ACCE8187EEC3203FED3109E7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Complete a sua prote..o online . GR.TIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Boa!",.. OEM_TOAST_VARIANT_INFO: "Pode estar muito mais seguro online. Adicione a prote..o de pesquisa para completar o seu McAfee Web Protection e aumentar a sua seguran.a online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Terminou de configurar o seu McAfee Web Protection ao ativar a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o do antiv.rus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o de browser online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o de browser . a sua primeira linha de defesa contra Web sites inseguros, transfer.ncias, malware e muito mais.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "P

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6441
                                                                                                                                                                          Entropy (8bit):5.191712551362283
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H3P3dV2BQF3iK4ttHiUWB3E4L2bLrrDSiaA1oSUd0BSO+Vft1ZQpmvfRYWc:v/2Bo3L4iPdMPnSvA1UQbGf6pMfRc
                                                                                                                                                                          MD5:17601027BE0E1941274EC8AA97DA3F37
                                                                                                                                                                          SHA1:4BE73FA80DB484EC1712BCD56D356CAA57C8687E
                                                                                                                                                                          SHA-256:A4FE46EBD30F700AF434F14DBF0D9B9D803BB671A4175130AA1271736C84E0B4
                                                                                                                                                                          SHA-512:33C99E1E4B601AF85F1DD4435481FE06A93CB779660F31B4DDE8EA50376F620B978C78DE2C675513340B3E825AE40AC34FDA3D71A437A063F8D0C25B63045677
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "......... .... ...... . ......... . .........!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "... .......!",.. OEM_TOAST_VARIANT_INFO: ".. ...... ........ .... ............ . .......... ........ ...... ......, ..... ......... McAfee Web Protection . ........ .... ............ . ..........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ......... ......... McAfee Web Protection, ....... ...... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "....... ...... McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "...... ........ . .........",.. OEM_TOAST_VARIANT_FREE_LABE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4713
                                                                                                                                                                          Entropy (8bit):5.639633098055761
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Hu/cMHiS0zIB64Vb8JmdTv6zInPVO+mMQ90P:2c+iE64xTdTvPVng90P
                                                                                                                                                                          MD5:B1E8660F650C5C8D95DF80E87851321B
                                                                                                                                                                          SHA1:C18411FD7C8B8A903EA90F82B72F87DA6B5E3F3F
                                                                                                                                                                          SHA-256:D031D75D075E0A90E618AB591A19A7315D8CF731C75DF1646964C05509490390
                                                                                                                                                                          SHA-512:E5A7313EEDD1EA96D6F395225ACEF16B730685FBB613417F08FA3FF6CF386A0A6969DC876538551B9695DD84DFB0DE248E939C52F40988E8C0B503D0740485AB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ite nastavenie online ochrany ZADARMO.",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Chr..te sa.",.. OEM_TOAST_VARIANT_INFO: "Aj online m..ete by. v.bezpe... Pridajte ochranu vyh.ad.vania do produktu McAfee Web Protection a.zv..te svoju bezpe.nos. online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Zapnut.m ochrany vyh.ad.vania ste dokon.ili nastavenie McAfee Web Protection.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Sk..obn. verzia antiv.rusu od McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana online prehliada.a",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prehliada.a tvor. prv. .rove. ochrany pred nebezpe.n.mi webov.mi lokalitami, odkazmi, stiahnut.mi s.bormi, malv.rom a .al..mi hrozbami.",.. OEM_TOA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4628
                                                                                                                                                                          Entropy (8bit):5.433533100276745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H7718TA7STZFOZGOA9wSdASMoNNPDgYK0hQOLYBB+T:b7glDu8ASMAtjK0mOEBAT
                                                                                                                                                                          MD5:60E06C7C2CC2E0EB1DD485432924B968
                                                                                                                                                                          SHA1:21F75F04176180A254C7412A114D12E7C3B9EBEE
                                                                                                                                                                          SHA-256:D98475CAC32A5E18EA43CC9D35D92119BD33C6DFF025DEB8F1834F92E0A1A593
                                                                                                                                                                          SHA-512:7CCA8C25852A4F907890C73E8B3A7DEB4CF2A46CCBD029B60CEEC0E06A799F455CAA3BE251C657BDBB7E1D5BAB4C5BB92B0E82E060F254DDA08DABEF5AC3F617
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Upotpunite za.titu na internetu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Prava stvar!",.. OEM_TOAST_VARIANT_INFO: "Mo.ete biti mnogo bezbedniji na internetu. Dodajte za.titu pregledanja kako biste upotpunili McAfee Web Protection i pobolj.ali bezbednost na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Upotpunili ste postavku McAfee Web Protection omogu.uju.i za.titu pregledanja.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee antivirusnog programa",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita pregleda.a na internetu",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita pregleda.a je va.a prva linija odbrane od nebezbednih veb lokacija, veza, preuzimanja, malvera i jo. toga.",.. OEM_TOAST_VARIANT_FEATU

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4220
                                                                                                                                                                          Entropy (8bit):5.444091067154872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HkTQd3F1N1KuBfzHv7afFmZMfSseE08bwzGt9S0NpQIrCF+AQmGIA:KWVBbz5vsec0zK9p1LL/IA
                                                                                                                                                                          MD5:06DDEDD0C278753F69E4FF4674E6614B
                                                                                                                                                                          SHA1:3470530D55FE8DDDCB363470D54B9177EFEB2937
                                                                                                                                                                          SHA-256:6076A19912D15B9DF572F3C268F825859B824F9193C9D64C57F95C7869974808
                                                                                                                                                                          SHA-512:BAA58DEC69C7B6257C8880A0EDC6FB04974C68DD20197232A30D38162DABE60289C2FB3CA57B7D59E95D08963F6EBFDEEC6D689E8DA415FF42ED584D474057CC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Fullborda ditt skydd online - KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.d.r ja!",.. OEM_TOAST_VARIANT_INFO: "Du kan surfa mycket s.krare. L.gg till s.kskydd f.r att komplettera McAfee Web Protection och f.rb.ttra din s.kerhet online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har fullbordat inst.llningen av McAfee Web Protection genom att aktivera s.kskydd.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Provversion av McAfees virusskydd",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Webbl.sarskydd online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Webbl.sarskyddet .r ditt f.rsta f.rsvar mot os.kra webbsidor, l.nkar, h.mtningar, malware och mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "S.kskydd",.. OEM_TOAST_VARIANT_FEA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4525
                                                                                                                                                                          Entropy (8bit):5.530398100834962
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HsafCWrSckFzm3EzHFSCvXV4lsQtFT7tyJd:MaKWrSzm3EzHFSCP43PBy/
                                                                                                                                                                          MD5:A257776036EC055235476B933BB1A2F0
                                                                                                                                                                          SHA1:489E0CA8ED86E572A4940979AAC1399D38AF8370
                                                                                                                                                                          SHA-256:CC325C48332AD39AFF2C068020EFF1852A55B3AAE6CDF0617D587C0BC82078F5
                                                                                                                                                                          SHA-512:04FD6465239C9E196B33F1B769C77B103B52E67F87319CBEBC26D1EBBEC8E0EC8BCB836283981B715B06CD0D18D17C273BB0B76F1ED1B6335FC30FC571297AA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".evrimi.i koruman.z. tamamlay.n - .CRETS.Z!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tebrikler!",.. OEM_TOAST_VARIANT_INFO: ".evrim i.i .ok daha g.vende olabilirsiniz. McAfee Web Protection'. tamamlamak ve .evrim i.i g.venli.inizi art.rmak i.in arama korumas.n. ekleyin.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Arama korumas.n. etkinle.tirerek McAfee Web Protection'. .evrim i.i kurmay. tamamlad.n.z.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus Denemesi",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".evrim i.i taray.c. korumas.",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Taray.c. korumas.; g.venli olmayan web siteleri, ba.lant.lar, indirmeler, zararl. yaz.l.m vb.'ine kar.. ilk savunma hatt.n.zd.r.",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4033
                                                                                                                                                                          Entropy (8bit):6.107989660169052
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:HaLl2LYL7hjCL3PLYIL5LzLLL62KaLpLpLbYnL3LVeLuL/0LoqLlLVLvLkKLZRLp:H69N08pRNQ/OJJNZsjB90G3Qm/aCQVH6
                                                                                                                                                                          MD5:D2A4335DFB9EFCB73485D0C0807C2792
                                                                                                                                                                          SHA1:CF447A28A70F88168DEFE266798BDFEF3A044F1A
                                                                                                                                                                          SHA-256:EEEF0211C00E2E53D6DD6BE7B20D4379994D616691EC53B00FAB0CD180CE7041
                                                                                                                                                                          SHA-512:CCD66DE9416D7F8D31E7D2654BAE7533048FCA8B8DF4A0D877767615B5D50EE375D3CADD41EF8F27BE037958734065DA1688E6067A4750E96EB5F52F75EB7E7B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........ . ..!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".....!",.. OEM_TOAST_VARIANT_INFO: ".......................................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".......................",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...........",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC: "......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4288
                                                                                                                                                                          Entropy (8bit):6.168417961765325
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:HummxlGEjsinJjE8X7IujB0LbIF5fFrQTyKtyIs:OmmOvkEU7IuN0+5fF0vU
                                                                                                                                                                          MD5:E3BA53E61771C8BFD208DF6AE3412D95
                                                                                                                                                                          SHA1:64490728E322BCE3868B5D80109F923B4DC54155
                                                                                                                                                                          SHA-256:20CAA87E1DE50DFDA0B0019D1FD7E425CE050613DC1222B6F8CDC8B5FF0926BB
                                                                                                                                                                          SHA-512:0A5A25AA20A900D29CF5FC568D3C772F60ED91608D3C5C308E1377399902B54AEFBEAB4B708709C2BD2604F85F9A6BCDA5FBDEFD1845DBB02094D3A5ADB03335
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".......... . .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......",.. OEM_TOAST_VARIANT_INFO: "................ McAfee Web ...................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............. McAfee Web ......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus ..",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".....................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3415
                                                                                                                                                                          Entropy (8bit):5.6725182562708305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:calbcPcTkV6hxvM/L4PgzN/6hxO232sN4agGux:GUwdkec2sN4agGux
                                                                                                                                                                          MD5:1CE32A292F266E0D6E8079AE959D206C
                                                                                                                                                                          SHA1:F9ECB2DBE6C0BB745329B84F7C1DC74AA6288B7A
                                                                                                                                                                          SHA-256:7AE4303EDCBC48B3FAA5A7B0424845EAB9C756F2AEC392120D0EBE45348CEA19
                                                                                                                                                                          SHA-512:FA221BBE7B16CE232CA17CF38F23CA71B86FF73F25A363F2E693B940546C06043AACCFC78BA92F647286E0E44965E7BC558B6BC9FF5E08BBBE7C4C06B9EF07D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "N.pov.da",.. HELP_FAQ_TITLE: "Nej.ast.j.. dotazy",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Za.lete n.m e-mail na adresu",.. ABOUT: "O aplikaci",.. ABOUT_DESCRIPTION: "D.ky aplikaci {0} se m..ete na internetu l.pe rozhodovat.",.. CREATE_SAFER_PASSWORDS: "Vytv..en. bezpe.n.j..ch hesel",.. DOWNLOAD_CONFIDENTLY: "Stahov.n. bez obav",.. SETTINGS_SS_OPTION_ALL: "Informovat o bezpe.nosti v.sledk. hled.n. ve v.ech vyhled.va..ch",.. SETTINGS_SS_OPTION_NONE: "Neinformovat o v.sledc.ch hled.n.",.. SETTINGS_SS_OPTION_SS: "Informovat o bezpe.nosti v.sledk. hled.n. pouze ve slu.b. Bezpe.n. hled.n.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Vlo.te nebo zadejte adresu URL.",.. TRUST_SITE: "D.v..ovat str.nce",.. DONT_TRUST: "Ned.v..ovat",.. HELP_FAQ_SECTION_ONE_HEADER: "K .emu slou.. aplikace {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "D.ky aplikaci {0} se m..ete na in

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3222
                                                                                                                                                                          Entropy (8bit):5.3882022792999305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cIWPf2VFTTGDGMZO4WVFwT/s9vyNnma/DvOvEiFk83qS8sDQTjmHBgpKSF:9FMZAOgFiizJMjmWB
                                                                                                                                                                          MD5:986CDDED8B1EE14C49744118BA341E1A
                                                                                                                                                                          SHA1:D02FB5756007D45A4B6F53807AF68C67152167D0
                                                                                                                                                                          SHA-256:EDD906A33E49B87978E8EB9BA897FB5D35996224686A2E4346E9CA84B747FD11
                                                                                                                                                                          SHA-512:0C8AA9C6D3C4260972D5A0C1DBA6B7198F195987C7709F2208463C522C133B05835799048BFD7A21E5E2D44F27D88CFD1956C88447CD608574632C7A285CFB77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Ofte stillede sp.rgsm.l",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Send en mail til os p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. CREATE_SAFER_PASSWORDS: "Opret sikrere adgangskoder",.. DOWNLOAD_CONFIDENTLY: "Sikre overf.rsler",.. SETTINGS_SS_OPTION_ALL: "Fort.l mig, om et s.geresultat er sikkert i alle s.gemaskiner",.. SETTINGS_SS_OPTION_NONE: "Fort.l mig ikke om s.geresultater",.. SETTINGS_SS_OPTION_SS: "Fort.l mig, om et s.geresultat kun er sikkert i Sikker s.gning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Inds.t eller skriv URL-adressen",.. TRUST_SITE: "Har tillid til websted",.. DONT_TRUST: "Har ikke tillid",.. HELP_FAQ_SECTION_ONE_HEADER: "Hvad er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. HELP_F

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3302
                                                                                                                                                                          Entropy (8bit):5.3882318909350255
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:c5vPqTKqMocuMD9nd/9j25ktHec9VYwpu4sD2oitoq:BNMVLac+uYwp9sD2ptr
                                                                                                                                                                          MD5:147D9271854988E85E6B7ABB0A19C8CC
                                                                                                                                                                          SHA1:198BAF847182F5717A63BFC28AB69C6638E3975B
                                                                                                                                                                          SHA-256:E60C824B97124AC58E92C4FC17DE0165E3ECE34D40FEE59B40D6FC225EDDF5BB
                                                                                                                                                                          SHA-512:4191A40093720B3067C3AB5CBD8B5DF09223885690FB7499DA1439FFD0B7C77B748AA00E109723B1353D7A88F6FB5F9AE761A92216B50BAFABB383B8854A81B2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Hilfe",.. HELP_FAQ_TITLE: "H.ufig gestellte Fragen (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Senden Sie uns eine E-Mail:",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "Dank {0} k.nnen Sie besser entscheiden, welche Websites Sie unbesorgt besuchen k.nnen.",.. CREATE_SAFER_PASSWORDS: "Sicherere Kennw.rter erstellen",.. DOWNLOAD_CONFIDENTLY: "Sichere Dateien herunterladen",.. SETTINGS_SS_OPTION_ALL: "In jeder Suchmaschine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_NONE: "Keine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_SS: "Nur bei der sicheren Suche Bewertung von Suchergebnissen anzeigen",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL einf.gen oder eingeben",.. TRUST_SITE: "Site als vertrauensw.rdig einstufen",.. DONT_TRUST: "Nicht als vertrauensw.rdig einstufen",.. HELP_FAQ_SECTION_ONE_HEADER: "Was ist {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Dank {0} k.nnen Sie

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5323
                                                                                                                                                                          Entropy (8bit):5.039884397341082
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:czSqYMiAFSTIbO48c2aO490VuVMGzqRcAF+gx/ijYz2HC8Tt7iVJnIjz1NCPcWFa:DMO8w3BVGt22jz1QPltZIH9
                                                                                                                                                                          MD5:5EEB7AEFCA08B09AE14A82AF082D0319
                                                                                                                                                                          SHA1:25D9DBAED0B56792DA46B93EADE09A8292611688
                                                                                                                                                                          SHA-256:87AE0C4040364164D26A77121A7B011553C6FCF36D57BC954FB46261AE16BB94
                                                                                                                                                                          SHA-512:BD3FDF238F8CB5D42C584752F327D49CE7357D12B9E6F8FD8CC7787CCE674F188A4CB0D26695401137418C7F8EB7792776B20E2BFB4398EFA22538B60F9D3DC9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "...... .........",.. HELP_SUPPORT_TITLE: "..........",.. HELP_EMAIL_US: "....... ... ...... ............ ............ ... .........",.. ABOUT: "...........",.. ABOUT_DESCRIPTION: ".. {0} ... ..... .. ......... .......... ......... ....... .. ... ......... ... ... Internet.",.. CREATE_SAFER_PASSWORDS: "............ ............. ........ .........",.. DOWNLOAD_CONFIDENTLY: "......... ...... .. ........",.. SETTINGS_SS_OPTION_ALL: ".. ............ .. ... .......... .......... ..... ....... .. ........... ......... ..........",.. SETTINGS_SS_OPTION_NONE: ".. ... ............ ..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2970
                                                                                                                                                                          Entropy (8bit):5.340531156221564
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cwr9pTTyT7Few0MxjU99E/E0v7StLuJHTuiGextXq/JXTGpUx86NQ4QeQr4+8LkF:cwr9pPyTEMxI99E/fTStLOz7xtulGOx2
                                                                                                                                                                          MD5:E416F05EF2C13255FB856E2540354401
                                                                                                                                                                          SHA1:4A201A5C87AE5CC5FC1F0587B208B6797ED608CF
                                                                                                                                                                          SHA-256:E53F29691725551E77455FE08AE06D49E6D76C700A314EB5B9C728A77F6664ED
                                                                                                                                                                          SHA-512:71F8FE59EC173ED13EF7D3002B7AEB3B80710CF62D998386E4D8EB66B85CDFBAAC9E85C8B344B18751BCE9344AFFFA3E6726344B7B8DAC2A09A3884F68D35304
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Frequently Asked Questions (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Email us at",.. ABOUT: "About",.. ABOUT_DESCRIPTION: "{0} helps you make better decisions about what you do online.",.. CREATE_SAFER_PASSWORDS: "Create safer passwords",.. DOWNLOAD_CONFIDENTLY: "Download confidently",.. SETTINGS_SS_OPTION_ALL: "Tell me if a search result is safe in any search engine",.. SETTINGS_SS_OPTION_NONE: "Don't tell me about search results",.. SETTINGS_SS_OPTION_SS: "Tell me if a search result is safe only in Secure Search",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Paste or type your URL",.. TRUST_SITE: "Trust site",.. DONT_TRUST: "Don't trust",.. HELP_FAQ_SECTION_ONE_HEADER: "What is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helps you make better decisions about what you do online.",.. HELP_FAQ_SECTION_TWO_HEADER: "How do I share {0} with others?",.. HELP_FAQ_SECTION_TWO_CO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3318
                                                                                                                                                                          Entropy (8bit):5.384176124857811
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cDEMyiTKKM+hOeBgn/qfBJq3/GQjD7mQujWoIcsAluB:vieH+g1D7mfIcsCuB
                                                                                                                                                                          MD5:287426C61EF34FE81F04FF539428702A
                                                                                                                                                                          SHA1:5722B989E9151788335E457F6D04DAA7E38C8605
                                                                                                                                                                          SHA-256:2C6435C4521F498D03742FC5221E5C3F9FE364632D1F498B40FC062B3214D3F2
                                                                                                                                                                          SHA-512:0695FEB3D1E32C9778F4BDC263882643B90579FA7C3A5893FF4787EED1B78CA4C4AC7C6C1D855D980D80D6AE7976FCE1815B3418FE802569E6A6BC5C5796F368
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico a",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} le ayuda a tomar decisiones m.s fundamentadas acerca del uso que hace de Internet.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con seguridad",.. SETTINGS_SS_OPTION_ALL: "Informarme si un resultado de b.squeda es seguro en otro motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No informarme de resultados de b.squeda",.. SETTINGS_SS_OPTION_SS: "Informarme si un resultado de b.squeda es seguro solo en B.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Confiar en el sitio web",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} le ayuda a tomar decisiones m.s fu

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3269
                                                                                                                                                                          Entropy (8bit):5.39923044166933
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cDEMRrT9tM+hOeBJDfE/ZABFWeLT91e5kkmpouToIc2eoxkrHX:SRO+gEDUkkmAIc6eHX
                                                                                                                                                                          MD5:9BE106DBA0A89616F11CF5439894919C
                                                                                                                                                                          SHA1:39353BB978FF16BB7C377CE04E367F0D3FA57C93
                                                                                                                                                                          SHA-256:185D769876360325900E05E3318664A02F5EABE5F4FACB348FB9979032C71D92
                                                                                                                                                                          SHA-512:AAA3D7CD6E69109A1A646C6152F6F9F9CF3E3ABC42590CB25276E38097B6383947609CAF47DE9CD27185CE70CAC375518818D5DBB126252AA1CA3D8EF0A84C15
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} lo ayuda a tomar mejores decisiones acerca de lo que hace en l.nea.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con confianza",.. SETTINGS_SS_OPTION_ALL: "Comunicarme si un resultado de b.squeda es seguro en cualquier motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No comunicarme sobre los resultados de b.squedas",.. SETTINGS_SS_OPTION_SS: "Comunicarme si un resultado de b.squeda es seguro solo en b.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Sitio de confianza",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} lo ayuda a tomar mejores decisiones acerc

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3156
                                                                                                                                                                          Entropy (8bit):5.3436619335033475
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cFjnmzGSTEMQHo+X/lFYpHNVbA5yZq0Ui4ce:dzGSxDlNFR8i4F
                                                                                                                                                                          MD5:78DC242841C8955CA096D7109F84940E
                                                                                                                                                                          SHA1:1595F8915EF01CC7BE9D792216F96350A5096682
                                                                                                                                                                          SHA-256:16FD60BA1EA186B157DCCFD608540B10BB066332450D3D99636DE206006D1A1D
                                                                                                                                                                          SHA-512:521B6CEABCC8CD9914B5743C30F037199F37C7E37AF779BA599361F356E9D4E352E0BDD113A68DF8A131484DE7C057CE75D05A871852D3360939947358090101
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Ohje",.. HELP_FAQ_TITLE: "Usein kysytyt kysymykset (UKK)",.. HELP_SUPPORT_TITLE: "Tuki",.. HELP_EMAIL_US: "L.het. meille s.hk.postia osoitteeseen",.. ABOUT: "Tietoja",.. ABOUT_DESCRIPTION: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. CREATE_SAFER_PASSWORDS: "Entist. turvallisempien salasanojen luominen",.. DOWNLOAD_CONFIDENTLY: "Luotettava lataaminen",.. SETTINGS_SS_OPTION_ALL: "Ilmoita, onko hakutulos turvallinen, miss. tahansa hakukoneessa",.. SETTINGS_SS_OPTION_NONE: ".l. n.yt. ilmoituksia hakutulosten turvallisuudesta",.. SETTINGS_SS_OPTION_SS: "Ilmoita, onko hakutulos turvallinen, kun k.yt.n Suojattua hakua",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Liit. tai kirjoita URL-osoite",.. TRUST_SITE: "Luota sivustoon",.. DONT_TRUST: ".l. luota",.. HELP_FAQ_SECTION_ONE_HEADER: "Mik. on {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. HELP_FAQ_S

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3475
                                                                                                                                                                          Entropy (8bit):5.381791221753888
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cyXk9LMTrBXOkXco29M5t6QUxT//fM5NzyKt6yQjhEp2:zZR+ksoX4xgbyK1QjhEw
                                                                                                                                                                          MD5:487CD924C4ED60BD9F2EF8AB1E181DD5
                                                                                                                                                                          SHA1:9D2C4D25151FE2D6ACD20B97194721545AC67BFB
                                                                                                                                                                          SHA-256:68369D5DA42E5B5418FB2B35D0797C21AB502DF7D6416BB93EA137FDAC2BA53E
                                                                                                                                                                          SHA-512:9BDCAA1E97D41FC69A0EC5FD95DFF88EE1F61B890A7D0618CC9AE752018A7567028FFE0D06840460F8DBA4E7878D797155581762883C823C6770721E9546C2D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Soutien",.. HELP_EMAIL_US: "Envoyez-nous un courriel au",.. ABOUT: ". propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre de meilleures d.cisions sur vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.er des mots de passe plus s.rs",.. DOWNLOAD_CONFIDENTLY: "T.l.charger de fa.on confidentielle",.. SETTINGS_SS_OPTION_ALL: "Me dire si un r.sultat de recherche est s.r dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne pas me parler des r.sultats de recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si un r.sultat de recherche est s.r seulement dans la recherche s.curis.e",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Coller ou saisir votre URL",.. TRUST_SITE: "Faire confiance au site",.. DONT_TRUST: "Ne pas faire confiance",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3557
                                                                                                                                                                          Entropy (8bit):5.407604941374556
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cyXkPWgMTpX56126MJk7OQTxN//i46XeNWtd0lDqKStVGC4jRgo5wRn:zrN1XU1G2xKnINCieo4
                                                                                                                                                                          MD5:EBFF2F699FA2915800E9E6EAF6DAD6C1
                                                                                                                                                                          SHA1:21E2827B4446D9AF0E9AC693E3A2405D989EFF39
                                                                                                                                                                          SHA-256:4C5470EEF6430967DB9346B9FF1B55C286F3AFBF71071A0CC184DD45EC63B214
                                                                                                                                                                          SHA-512:9773A3DD83DE8D775951250155C3BAAE277110AD14AEA6C7E7528BC671C38DC1539085FCB820E6EEB0932B87BBCBF248916989C73A124AB8BD6A3FF3ED4602A3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Contactez-nous par e-mail . cette adresse",.. ABOUT: "A propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre les bonnes d.cisions en ce qui concerne vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.ez des mots de passe plus fiables",.. DOWNLOAD_CONFIDENTLY: "T.l.chargez en toute confiance",.. SETTINGS_SS_OPTION_ALL: "Me dire si le r.sultat de la recherche est prot.g. dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne rien me dire sur les r.sultats de la recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si le r.sultat de la recherche est prot.g. dans la recherche s.curis.e uniquement",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Collez ou saisissez l'URL",.. TRUST_SITE: "Approuver",.. DONT_TRUST: "Ne pas approuver",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}.?",.. HELP_FAQ

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3286
                                                                                                                                                                          Entropy (8bit):5.450685577880872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cv359TfWlMbZ5ur/cOKc+vOOES9Wxt9yzoIEZUDrBdjDeX:iLW2yYlVES9+96UuDrBdjDg
                                                                                                                                                                          MD5:6B0B147B984611AD62B274061C434872
                                                                                                                                                                          SHA1:5DAC514E617534A59C8561264196E52132E99D7D
                                                                                                                                                                          SHA-256:F06A5F59D0E9189B98B1E8F2ADD444B458079F66B498EF4EE008D544AE5585D8
                                                                                                                                                                          SHA-512:EAD2C79B8AE84D5BE8F3F9F835A1550AD601D0CB58639E410917E15CB51C76B7D5498F87BF67748D6761C7D37669E10ECD0C4E6563A17F89378E69E1AA879AD7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: ".esto postavljana pitanja (.PP)",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Obratite nam se na adresi e-po.te",.. ABOUT: "O aplikaciji",.. ABOUT_DESCRIPTION: "{0} poma.e vam u dono.enju boljih odluka o tome .to .inite na mre.i.",.. CREATE_SAFER_PASSWORDS: "Stvorite sigurnije lozinke",.. DOWNLOAD_CONFIDENTLY: "Pouzdano preuzimajte",.. SETTINGS_SS_OPTION_ALL: "Obavijesti me ako je rezultat pretra.ivanja siguran u bilo kojoj tra.ilici",.. SETTINGS_SS_OPTION_NONE: "Nemoj me obavijestiti o rezultatima pretra.ivanja",.. SETTINGS_SS_OPTION_SS: "Obavijesti me ako je rezultat pretra.ivanja siguran samo u Sigurnom pretra.ivanju",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Zalijepite ili unesite svoj URL",.. TRUST_SITE: "Mjesto smatraj pouzdanim",.. DONT_TRUST: "Ne smatraj pouzdanim",.. HELP_FAQ_SECTION_ONE_HEADER: ".to je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} poma.e vam

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3670
                                                                                                                                                                          Entropy (8bit):5.574443846574153
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:c491zbQ9T9aMhF7fQdq/SvRonzXfFNtvf1B1BER7yU8J:tbQ9hfQfRonzb/3iRGU8J
                                                                                                                                                                          MD5:211C56AD5F383EB02F69BA89FACAAAC6
                                                                                                                                                                          SHA1:45710CAC2EBBEC7BD5211C19819902703FF608AE
                                                                                                                                                                          SHA-256:0751370CECD364008724CEDD53187F0BA2D8CD53C317B30876F43951DDC766F2
                                                                                                                                                                          SHA-512:63BE908C6D7474E52D51F83F62E21F66449CF69A4583721D22E39789EAF4E845FA028B6F3E6765E5E44738D90FA6B9F9B574726AD5A644DE4F4E01DCAC42F452
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "S.g.",.. HELP_FAQ_TITLE: "Gyakran ism.telt k.rd.sek (GYIK)",.. HELP_SUPPORT_TITLE: "T.mogat.s",.. HELP_EMAIL_US: "K.ldj.n nek.nk e-mailt az al.bbi c.mre:",.. ABOUT: "N.vjegy",.. ABOUT_DESCRIPTION: "A(z) {0} seg.ts.get ny.jt ahhoz, hogy jobb d.nt.seket hozhasson az online vil.gban.",.. CREATE_SAFER_PASSWORDS: "Biztons.gosabb jelszavak l.trehoz.sa",.. DOWNLOAD_CONFIDENTLY: "Biztons.gos let.lt.s",.. SETTINGS_SS_OPTION_ALL: "T.j.koztasson a keres.s eredm.ny.nek biztons.goss.g.r.l b.rmely keres.motorra vonatkoz.an",.. SETTINGS_SS_OPTION_NONE: "Ne t.j.koztasson a keres.si eredm.nyekkel kapcsolatban",.. SETTINGS_SS_OPTION_SS: "A keres.s eredm.ny.nek biztons.goss.g.r.l csak a Biztons.gos keres.sben t.j.koztasson",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL beilleszt.se vagy be.r.sa",.. TRUST_SITE: "Megb.zhat. webhely",.. DONT_TRUST: "Nem megb.zhat.",.. HELP_FAQ_SECTIO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3280
                                                                                                                                                                          Entropy (8bit):5.318299995140633
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cF+xiITUmLgSM+xy07Zg/ikrQs9N46fkjorok0jQxsTWa:QIIag/+fENbsErI0xsj
                                                                                                                                                                          MD5:1DAC66AF50FCE87B340469CD5F4EA749
                                                                                                                                                                          SHA1:3920F569D92358810BA439FD30949C424DACB7EE
                                                                                                                                                                          SHA-256:846156959A61C8949344F636FEBC9CAB9A41053F8422F9E389827A6D682432B2
                                                                                                                                                                          SHA-512:216898CE8DB4D99F3E71E40E60BCBE03DAC34B627497FA54486A41FDE7662F155E5E1BEECA449D7E2FB5D445F697B750B44B61C5371B7F6E129CF25D7E39D18B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Guida",.. HELP_FAQ_TITLE: "Domande frequenti",.. HELP_SUPPORT_TITLE: "Assistenza",.. HELP_EMAIL_US: "Contattaci via email all'indirizzo",.. ABOUT: "Informazioni su",.. ABOUT_DESCRIPTION: "{0} ti aiuta a prendere decisioni pi. consapevoli sulle attivit. online.",.. CREATE_SAFER_PASSWORDS: "Crea password pi. sicure",.. DOWNLOAD_CONFIDENTLY: "Scarica con la massima sicurezza",.. SETTINGS_SS_OPTION_ALL: "Comunicami se un risultato di ricerca . sicuro in un motore di ricerca",.. SETTINGS_SS_OPTION_NONE: "Non comunicare nulla riguardo ai risultati di ricerca",.. SETTINGS_SS_OPTION_SS: "Comunicami se un risultato di ricerca . sicuro solo in ricerca sicura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Incolla o digita l'URL",.. TRUST_SITE: "Considera affidabile il sito",.. DONT_TRUST: "Non considerare affidabile",.. HELP_FAQ_SECTION_ONE_HEADER: "Che cos'. {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ti aiuta a prendere dec

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3760
                                                                                                                                                                          Entropy (8bit):5.744044953556827
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cFuvhOT6tGCuqZu0KMV1V6Gq//0bNbJkKjixAwRm4wegixVU0s6:1YGtGCuyu0HfDFBPiKem4/gi/s6
                                                                                                                                                                          MD5:5705CB5E22FF4A7F3AF488D8D754E1E3
                                                                                                                                                                          SHA1:BB329D5C2A90344F4B420E6D223B66A0E9FE8E5E
                                                                                                                                                                          SHA-256:4A8A67866841B4B790B1A5317999059335CC2F24A7063584F2450BC01FF34285
                                                                                                                                                                          SHA-512:32A8AE21F4D5396A354615B9A0E0381369B3076BA3B11AFB42F40916CA6EAA229918D5402560DF6AB2639A736DD8CB2ED1E07484A7412D8967C2592FC30ACB42
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "....",.. HELP_EMAIL_US: "........",.. ABOUT: ".......",.. ABOUT_DESCRIPTION: "{0} ...................",.. CREATE_SAFER_PASSWORDS: "...............",.. DOWNLOAD_CONFIDENTLY: "...........",.. SETTINGS_SS_OPTION_ALL: "..........................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: ".... .....................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL ................",.. TRUST_SITE: "........",.. DONT_TRUST: ".....",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} .......",.. HELP_FAQ_SECTI

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3451
                                                                                                                                                                          Entropy (8bit):5.825420860271677
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:c0hbqh5TgP81LM2z7i6B/+XP6HUdYXx/gAw8otAJ2y8BwG8:JWQ8S76X6Avot3hy
                                                                                                                                                                          MD5:681288B9279C9CBC25583FE9BEBD7010
                                                                                                                                                                          SHA1:43C5199831B5840915DB683237A646E93C819C1A
                                                                                                                                                                          SHA-256:A740211144E010392A722A92F26611FC89EC4A9492F04DD39C6CCE8660D0E469
                                                                                                                                                                          SHA-512:97BE222C733D9CD8FC0BD9624B61DC3872821435BCBE9702C2B85BA3A61E8999F8F27DAD8032EF66B4888D21ACE9BA14372166EF58226734126124895A62BC7D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "... ..(FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "... ..",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}. .... ... .. . ... ... .. . ... ......",.. CREATE_SAFER_PASSWORDS: ".. ... .. ...",.. DOWNLOAD_CONFIDENTLY: "... ....",.. SETTINGS_SS_OPTION_ALL: ".. .. .... .. ... .... ..",.. SETTINGS_SS_OPTION_NONE: ".. ... .. ... ..",.. SETTINGS_SS_OPTION_SS: ".. ..... .. ... .... ..",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL. .. ... ......",.. TRUST_SITE: "... ..",.. DONT_TRUST: ".... ..",.. HELP_FAQ_SECTION_ONE_HEADER: "{0}. .....?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}. .... ... .. . ... .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3107
                                                                                                                                                                          Entropy (8bit):5.357002813107769
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cA9ffAT6MuE50WT/CGoDAUtGZpn2g3BBIP:ejVoxtepD3B6P
                                                                                                                                                                          MD5:2F10B37F542A46D1752ADCEF7B5BB5D6
                                                                                                                                                                          SHA1:AA776B7E2B4035B2A94B309D4C6B8402A6171B9E
                                                                                                                                                                          SHA-256:D2DA58C39AB525B77F4D21A7028526BC8F0CCBBF5BB1483A77ADCC8710BE76CB
                                                                                                                                                                          SHA-512:6FB2DD20B5C71146F7DB145889749B826758F3DE36D66A6DB8638D42322398AE8E7D7136ECC4231CEA1C6DF66AF0426C628AF82BA42506C3AC1E5B56C9BC1E0A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Hjelp",.. HELP_FAQ_TITLE: "Vanlige sp.rsm.l",.. HELP_SUPPORT_TITLE: "St.tte",.. HELP_EMAIL_US: "Send oss en e-postmelding til",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. CREATE_SAFER_PASSWORDS: "Opprett sikrere passord",.. DOWNLOAD_CONFIDENTLY: "Last ned uten bekymringer",.. SETTINGS_SS_OPTION_ALL: "Fortell om et s.keresultat er trygt, i enhver s.kemotor",.. SETTINGS_SS_OPTION_NONE: "Ikke fortell meg om s.keresultatene",.. SETTINGS_SS_OPTION_SS: "Fortell om et s.keresultat er sikkert, men bare i Sikkert s.k",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Lim eller skriv inn URL-adressen din",.. TRUST_SITE: "Klarer omr.de",.. DONT_TRUST: "Ikke klarer",.. HELP_FAQ_SECTION_ONE_HEADER: "Hva er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. HELP_FAQ_SECTION_TWO_HEAD

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3196
                                                                                                                                                                          Entropy (8bit):5.33513380019923
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cwMUf5ztTk0aUPDMavouzNv/lzz0TldANPQ3tBvlv0Zg0:rhtaUQWiMctBvBIg0
                                                                                                                                                                          MD5:7635F959635490EFC057663B259EB2D0
                                                                                                                                                                          SHA1:F0DE31FFF76CBC8D97B295AC3D9EF48A8D35CC92
                                                                                                                                                                          SHA-256:2B862B5D5E0514761183AA6F1097131E87554AC00B83E72A911432E884EA1E57
                                                                                                                                                                          SHA-512:3953F5BDD3FB80961E7961212CBA06E59802F86CA17B7BD733C21085BA9C58521938CC89504317C9F73A00F2A71E2FE5E4121AF5058D1034B85F835CCAA6A7B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Veelgestelde vragen",.. HELP_SUPPORT_TITLE: "Ondersteuning",.. HELP_EMAIL_US: "E-mail ons op",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. CREATE_SAFER_PASSWORDS: "Maak veiligere wachtwoorden",.. DOWNLOAD_CONFIDENTLY: "Download probleemloos",.. SETTINGS_SS_OPTION_ALL: "Laat mij in elke zoekmachine weten of een zoekresultaat veilig is",.. SETTINGS_SS_OPTION_NONE: "Niets zeggen over zoekresultaten",.. SETTINGS_SS_OPTION_SS: "Laat mij alleen in Beveiligd zoeken weten of een zoekresultaat veilig is",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Plak of typ uw URL",.. TRUST_SITE: "Site vertrouwen",.. DONT_TRUST: "Niet vertrouwen",.. HELP_FAQ_SECTION_ONE_HEADER: "Wat is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. HELP_FAQ_SECTION_TWO_HEADER: "Hoe kan ik {0} met

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3433
                                                                                                                                                                          Entropy (8bit):5.608809207063229
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cnWv3LDTIKXe8FDXdIzMn5VRe/8gAR+3jRsFAEEGs6L49l0v2dUPJJJZ:ZPUKpFDOIiRc7EA+lXUPJJ7
                                                                                                                                                                          MD5:1B0655B209680EC52E7AAF564F3F1147
                                                                                                                                                                          SHA1:A4BA7EBFBCE7724ED390272E229242059111C8A5
                                                                                                                                                                          SHA-256:E3761E59DDBCD74B8121027392D92DAEF066E575EC896D443165D265708A0162
                                                                                                                                                                          SHA-512:1EC9EB8C50B89F1AEAADF8157C7F02D588ACD8D665C2F6EC86B078484AF371C1807781D9903EB2489A8F3DB195D4923A188F3AD9F7CB8FE03714CA9AAF605CE8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Pomoc",.. HELP_FAQ_TITLE: "Cz.sto zadawane pytania",.. HELP_SUPPORT_TITLE: "Pomoc techniczna",.. HELP_EMAIL_US: "Wy.lij wiadomo.. e-mail na adres",.. ABOUT: "Informacje",.. ABOUT_DESCRIPTION: "Program {0} pomaga podejmowa. rozs.dne decyzje podczas przegl.dania Internetu.",.. CREATE_SAFER_PASSWORDS: "Tw.rz silniejsze has.a",.. DOWNLOAD_CONFIDENTLY: "Pobieraj bez obaw",.. SETTINGS_SS_OPTION_ALL: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania w ka.dej wyszukiwarce",.. SETTINGS_SS_OPTION_NONE: "Nie pokazuj ocen wynik.w wyszukiwania",.. SETTINGS_SS_OPTION_SS: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania tylko w wyszukiwarce Bezpieczne wyszukiwanie",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Wklej lub wpisz adres URL",.. TRUST_SITE: "Zaufaj witrynie",.. DONT_TRUST: "Nie ufaj",.. HELP_FAQ_SECTION_ONE_HEADER: "Co to jest {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Program {0} pomaga podejmowa. rozs.dne

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3252
                                                                                                                                                                          Entropy (8bit):5.391105831619536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cc0m2Tpgz2z24eMgUWy0/IULhYRukp+ATR8tXVfNTiWC4:wloYdMIuQ8FVfhic
                                                                                                                                                                          MD5:2E5EF44195F8C2DF73B2E860189724C4
                                                                                                                                                                          SHA1:320A61BA8B311BD3F621CE501BE0874BACAF95F1
                                                                                                                                                                          SHA-256:74AE28DAB2865D432D8AF840669AFB53A37FE367B511BFCF4FAC34C82BE28A46
                                                                                                                                                                          SHA-512:96EDE9CA7A46A4729CC3803A9A6213A83C72391007F6F619BC189231A490465FB1D923C2BF57DF9FCA19120876E769A7B627622252F718ED11787FAE750BA48A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas frequentes",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie um e-mail para",.. ABOUT: "Sobre",.. ABOUT_DESCRIPTION: "{0} ajuda voc. a tomar melhores decis.es durante suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie senhas mais seguras",.. DOWNLOAD_CONFIDENTLY: "Fa.a downloads com confian.a",.. SETTINGS_SS_OPTION_ALL: "Avise-me quando um resultado de pesquisa for seguro em qualquer mecanismo de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me avise a respeito dos resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Avise-me quando um resultado de pesquisa for seguro apenas com a Pesquisa segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Copie ou cole seu URL",.. TRUST_SITE: "Confiar no site",.. DONT_TRUST: "N.o confiar",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ajuda voc. a tomar melhores decis.es durante suas ativid

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3264
                                                                                                                                                                          Entropy (8bit):5.39131822590979
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ccGmQ7XTlHUszMAqjI/O/rgZaFWCG3Ix5amxnZ:I7hHUlmwamxnZ
                                                                                                                                                                          MD5:2C919BCF8F2EED219B35CEAB18C6F251
                                                                                                                                                                          SHA1:7D80587256B5FC9B3DF150804CF3445601DEEBE2
                                                                                                                                                                          SHA-256:C76DB5DAB77301013A12E89D24D2975982B7F2B3A1F8FA16E5CFBEB9A0BE35B6
                                                                                                                                                                          SHA-512:A61BC3B00CD5F5228225F82A17EA0418E07C236B7F7439BD0D855CE7197D1F7DD71F746755F88BD1561FDA34E483FF59F9A661B0AF1314A9CF9136EE6BC9D577
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas Mais Frequentes (FAQs)",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie-nos uma mensagem de correio eletr.nico para",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "O {0} ajuda-o a tomar melhores decis.es acerca das suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie palavras-passe mais seguras",.. DOWNLOAD_CONFIDENTLY: "Transfira com confian.a",.. SETTINGS_SS_OPTION_ALL: "Indicar se um resultado de pesquisa . seguro em todos os motores de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me informar sobre os resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Indicar se um resultado . seguro apenas na Pesquisa Segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Cole ou escreva o URL",.. TRUST_SITE: "Considerar site fidedigno",.. DONT_TRUST: "N.o considerar fidedigno",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . o {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "O {0} ajuda-o a toma

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4697
                                                                                                                                                                          Entropy (8bit):5.05412449617714
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cgyp6VTFkLeMF+TXVjM/2m9VzTUmw9+WTnoXTAqsS:LVRkHARMH4TnoDAqsS
                                                                                                                                                                          MD5:73032437E73E7447AE70F9A44FEBCDC0
                                                                                                                                                                          SHA1:1940D1CADF5E329593E97D26214646860ABE90BC
                                                                                                                                                                          SHA-256:1E821A5862C6DEF65373A430903135B76356437EAB854F8414A0FBDD4B15879C
                                                                                                                                                                          SHA-512:AB6F68D3E05307CC3E7FFCE6B017E1A873748875DBB712BC97E081B11659266458CA51015EB07193124E007BE3772F70F5D9ADAB670B88D4AE8036265D996D55
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "..... .......... .......",.. HELP_SUPPORT_TITLE: ".........",.. HELP_EMAIL_US: "..... ........... .....:",.. ABOUT: ". .........",.. ABOUT_DESCRIPTION: "{0} . ... .........., ........... ..... ......... ........... . ..........",.. CREATE_SAFER_PASSWORDS: "........ ........ .......",.. DOWNLOAD_CONFIDENTLY: "........ ... ........",.. SETTINGS_SS_OPTION_ALL: "........ . ............ ........... ...... .. .... ......... ........",.. SETTINGS_SS_OPTION_NONE: ".. ........ . ............ ........... ......",.. SETTINGS_SS_OPTION_SS: "........ . ............ ........... ...... ...... . ..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3534
                                                                                                                                                                          Entropy (8bit):5.654635030313481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cwP+i9HTsGeKlMMUjY3n8BEM/f0vlJuOquLlXElBfoWagWpWrdimER7r+05+1s0T:cwPb9HTcKaMUy8aM/sX0ajnecmSr+HT
                                                                                                                                                                          MD5:5F9B7CA900708D3D00AC53624C5A0E81
                                                                                                                                                                          SHA1:B709D60FD41769D76BD06665D02DBE9296C83468
                                                                                                                                                                          SHA-256:11F51735F5C39AB369A4D82C1315F565C500E2AF566F0991BF83A7C93FD00FE5
                                                                                                                                                                          SHA-512:942E7EAA21F965F22786DC87DEC29DF4F47115C3971B80013CEFA447543C987F904C478EA47044E5362922EBE5E05AF2B243762BAB7197F847B4307A30F23ABF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Pomocn.k",.. HELP_FAQ_TITLE: "Naj.astej.ie ot.zky",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Po.lite n.m e-mail na adresu",.. ABOUT: "Inform.cie",.. ABOUT_DESCRIPTION: "Aplik.cia {0} v.m pom..e robi. lep.ie rozhodnutia o va.om .ivote online.",.. CREATE_SAFER_PASSWORDS: "Vytv.rajte bezpe.nej.ie hesl.",.. DOWNLOAD_CONFIDENTLY: "S.ahujte d.veryhodn. s.bory",.. SETTINGS_SS_OPTION_ALL: "Informova. o bezpe.nosti v.sledku vyh.ad.vania v ka.dom vyh.ad.vacom n.stroji",.. SETTINGS_SS_OPTION_NONE: "Neinformova. o v.sledkoch vyh.ad.vania",.. SETTINGS_SS_OPTION_SS: "O.bezpe.nosti v.sledku vyh.ad.vania ma informujte len v.zabezpe.enom vyh.ad.van.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Prilepte alebo zadajte adresu URL",.. TRUST_SITE: "D.verova. lokalite",.. DONT_TRUST: "Ned.verova.",.. HELP_FAQ_SECTION_ONE_HEADER: ".o je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Aplik.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3203
                                                                                                                                                                          Entropy (8bit):5.449178183879912
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cvh5lgT19NMMgHg8/9WQqRZt8JZZmVau8KP8jvv/FUD8VSr:BhlmJXPdSD8VSr
                                                                                                                                                                          MD5:91776C4DCE4AE25054106EAAF0E5CF82
                                                                                                                                                                          SHA1:04FDBCF9D80AF17ECE34B4689B02A20A23DB5B98
                                                                                                                                                                          SHA-256:35414C84E97DC6217F49DA76C38973E7B78CB681E1DCE619F1DFA83EEC2E1A3C
                                                                                                                                                                          SHA-512:5943901383F207EAC4572A8FD10BDE0A52F7E7F0E04B291E594271DF46207B8C40E1F8173BF44CCE9AABBCD66E670ECE766DA40F20A749A86FB98ED9CB1FF128
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: "Naj.e..a pitanja",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Po.aljite nam e-poruku na adresu",.. ABOUT: "Osnovni podaci",.. ABOUT_DESCRIPTION: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.i.",.. CREATE_SAFER_PASSWORDS: "Kreirajte bezbednije lozinke",.. DOWNLOAD_CONFIDENTLY: "Preuzimajte bezbri.no",.. SETTINGS_SS_OPTION_ALL: "Obavesti me u svakom pretra.iva.u da li je rezultat pretrage bezbedan",.. SETTINGS_SS_OPTION_NONE: "Ne obave.tavaj me o rezultatima pretrage",.. SETTINGS_SS_OPTION_SS: "Obavesti me samo u bezbednoj pretrazi da li je rezultat pretrage bezbedan",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Nalepite ili unesite URL adresu",.. TRUST_SITE: "Veruj lokaciji",.. DONT_TRUST: "Ne veruj",.. HELP_FAQ_SECTION_ONE_HEADER: ".ta je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3145
                                                                                                                                                                          Entropy (8bit):5.469555751385765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cayPkTXsNMjOlH/PROv5eFqNzXl9Rjz8BU535tP:3Dsu/TNl9Fz3bP
                                                                                                                                                                          MD5:8F155685D5E52273E8603231579DDEC0
                                                                                                                                                                          SHA1:AA44AA88B9EB1CD440C22166D7542384DBF1572F
                                                                                                                                                                          SHA-256:4D70A2F7E7F1E8083E750F82CF3832CA00B5086EE4986470B0749E7084090074
                                                                                                                                                                          SHA-512:224803062A4C68E5BC03178016F3F82149305D1DC4072424298B8CD21AF726CA44CB5196FC313FE9EF1283974589F9B187E1E45FD920BBD341507EBB0BAE2881
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Vanliga fr.gor (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Kontakta oss via e-post p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. CREATE_SAFER_PASSWORDS: "Skapa s.krare l.senord",.. DOWNLOAD_CONFIDENTLY: "S.kra h.mtningar",.. SETTINGS_SS_OPTION_ALL: "Informera mig om s.kra s.kresultat i samtliga s.kmotorer",.. SETTINGS_SS_OPTION_NONE: "Informera mig inte om s.kresultat",.. SETTINGS_SS_OPTION_SS: "Informera mig om s.kra s.kresultat, men endast vid s.ker s.kning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Klistra in eller ange webbadress (URL)",.. TRUST_SITE: "Ange som betrodd webbplats",.. DONT_TRUST: "Ange inte som betrodd webbplats",.. HELP_FAQ_SECTION_ONE_HEADER: "Vad .r {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. HELP_FA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3451
                                                                                                                                                                          Entropy (8bit):5.517767275362882
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:cUCFiIkATzMz/k1/DJMWeTc3a/B6eCVt/zes6t3K8SLcwl39cNyOA:gngIDKQ/ei/Bik39cN+
                                                                                                                                                                          MD5:A679FE63A496141019718388B93F41BE
                                                                                                                                                                          SHA1:23C688A4555E5D9E74EC55C4E8C389D91B3A9500
                                                                                                                                                                          SHA-256:2BB125C0254413048BB41F43E5E1A2FC88934433AFEB43946DD976D71502F07A
                                                                                                                                                                          SHA-512:F973DA2B927F5ADFFEE427C9943CAFF0B3FDFC570EECCD6C67CF2F734423EB8EC7003AB80C03673572339D04574854965A51CBDF00A458178C2EA26F45E5EBA1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "Yard.m",.. HELP_FAQ_TITLE: "S.k Sorulan Sorular (SSS'ler)",.. HELP_SUPPORT_TITLE: "Destek",.. HELP_EMAIL_US: ".u adresten bize e-posta g.nderin:",.. ABOUT: "Hakk.nda",.. ABOUT_DESCRIPTION: "{0} .evrimi.iyken ne yapaca..n.z konusunda daha iyi kararlar alman.za yard.mc. olur.",.. CREATE_SAFER_PASSWORDS: "Daha g.venli parolalar olu.turun",.. DOWNLOAD_CONFIDENTLY: "G.venle indirin",.. SETTINGS_SS_OPTION_ALL: "Herhangi bir arama motorunda bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_SS_OPTION_NONE: "Arama sonu.lar.n. benimle payla.ma",.. SETTINGS_SS_OPTION_SS: "Yaln.zca G.venli Arama'da bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL'nizi yap..t.r.n veya yaz.n",.. TRUST_SITE: "Bu siteye g.ven",.. DONT_TRUST: "G.venme",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} nedir?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2969
                                                                                                                                                                          Entropy (8bit):6.138061744885662
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cii4bo8iTBSeLHzMP0jnlOe/50vovlun8uTAlHWx3sMvZpSIOeN5SfKj0gPBFlpW:cii4boXTNHzMP07we/OQvl08GN8oZkII
                                                                                                                                                                          MD5:099FF0A2D163F4BD42BF7D0B81AA1280
                                                                                                                                                                          SHA1:A153027E4B93478EAA75ADC5ECFF468E7801CDCD
                                                                                                                                                                          SHA-256:91215BE8F51D46536B4284C43BDD48115246B3DCDC80ED537F9FF7FEA4F76815
                                                                                                                                                                          SHA-512:7A058E418229A21072B536195B83C4619C2474215D2D2589A5B13D4041825E0A88C532DBCD6F6C70209616AC13FABBFADB2F46343003DAD7ECFB46193D07452E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: ".........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}.................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: "......",.. SETTINGS_SS_OPTION_ALL: ".....................",.. SETTINGS_SS_OPTION_NONE: ".........",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "..... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "...",.. HELP_FAQ_SECTION_ONE_HEADER: "... {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}.................",.. HELP_FAQ_SECTION_TWO_HEADER: ".......{0}?",.. HELP_FAQ_SECTION_TWO_CONTENT: ".

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3046
                                                                                                                                                                          Entropy (8bit):6.142381589154048
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cjEUAb0CTgSztJYMreb0j9ruR/o0v5uJufDeQO1LDohNp+i6Zj5dCQU8+N/Sog5:cjpAbxT2Mru0p6R/TBmWDVMz7fU/N/Sn
                                                                                                                                                                          MD5:074DB446200882DC25777107B6384B08
                                                                                                                                                                          SHA1:FEF487B0C540A925C08098FA9331EFF94B4A69F9
                                                                                                                                                                          SHA-256:D959C314F52F516351B042A629153D4883B75A344DF6E3606D390DCF46A061BC
                                                                                                                                                                          SHA-512:C8F4DE094CECF6B1DF5568C6CE88917583F9FDEA1CE2203A90F7611C08012393C4FDF70DFA62DCE3E0D5E7249C5197D13F0B89358D2FA44FC19E2073BAC2AAF8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "..... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "...........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0} ..................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: ".....",.. SETTINGS_SS_OPTION_ALL: "....................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "....... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "....",.. HELP_FAQ_SECTION_ONE_HEADER: ".. {0}.",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ..................",.. HELP_FAQ_SECTION_TWO_HEADER: "......... {0}.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3708
                                                                                                                                                                          Entropy (8bit):5.703528964625756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Kar2MPa6uw0VE2HYP9ouKQaMF2B8KVj5YVj8L7:K8zb0VE24FfKQXF2B8a3
                                                                                                                                                                          MD5:3494487177BC568440687E563727CD20
                                                                                                                                                                          SHA1:6BD9A3866BFB06BB24653DD0D172E6BF16F99137
                                                                                                                                                                          SHA-256:13B6F42AE50C82C7CFD663E611CD164C9648AFF45254A656A0864E0399925FD8
                                                                                                                                                                          SHA-512:917972BC21446EDCD94DA6A51E2E55339C044E6B0213EEEE0B0CD3404430C33B855DAD459E61A082904BAB1EFA202063B0DBDF24D3AC6461E152BBFB55C173F1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknut.m na mo.nost {0} dokon..te nastaven. programu WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nejste si jisti v..e uvedenou zpr.vou? Bu.te bez obav . va.e soukrom. je v.dy na.. hlavn. prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Pokra.ujte kliknut.m na mo.nost {0}. U. to skoro je!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "P.i p...t.m vyhled.v.n. budete po..d.ni o proveden. akce {0}, abyste dokon.ili nastaven. funkce Bezpe.n. hled.n..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponechat zm.ny",.... SETTINGS_OVERLAY_CONTENT: "Klikn.te na zpr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Bylo p.id.no roz...en. McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otev.ete nab.dku prohl..e.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3577
                                                                                                                                                                          Entropy (8bit):5.4381316543356615
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:AqjTIrwTeQCMF0yt0nWmumEbX0B57Oye2wos/ctmwufpsdb4jHpsd9rijTl69:JIsdCMYnWmnEc7FxtmwipsGpnm
                                                                                                                                                                          MD5:28EA768E62D0CECAF2A798C26713AAE6
                                                                                                                                                                          SHA1:FBAE91590AD6C25E08CE6B32B8D3F5C2BE265955
                                                                                                                                                                          SHA-256:702DD8ED83AC00AB37A10D67EEE210304C8E4F668FA105EC10421AF1D0E2B04F
                                                                                                                                                                          SHA-512:8E5CD8B418FB47AB97BE7528C6DDF90A30ACB10A7532427D699B1E119E1CACE0D348F0C003DCCA8E42B5BB64622C80E3FD910CCA669A4F935F482E8C79558A28
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik p. {0} for at fuldf.re konfigurationen af WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Er du i tvivl om, hvordan du skal forholde dig til ovenst.ende meddelelse? Bare rolig . dit privatliv er altid vores h.jeste prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik p. {0} for at forts.tte. Du er n.sten f.rdig.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "N.ste gang du s.ger, bliver du bedt om f.lgende for at fuldf.re konfigurationen af sikker s.gning: {0}",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold .ndringer",.... SETTINGS_OVERLAY_CONTENT: "Klik p. meddelelsen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-udvidelsen er blevet tilf.jet",.... INTRO_OVERLAY_CONTENT_1: ".bn menuen i Edge for at konfigurere Web

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3813
                                                                                                                                                                          Entropy (8bit):5.419432609242921
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:KClwI7loU8z+JpKGZVp978ACtA6YI2l46D6sITl2klcuu:KUToUfZVp978AmA6Rw46D6sIp2+I
                                                                                                                                                                          MD5:C214253921C6E52DCD0AC6FF79AADD47
                                                                                                                                                                          SHA1:A3471DD61C1D67DD2F02B26C4173EDA5DE64DDA6
                                                                                                                                                                          SHA-256:CD77F017C8445C5C7F6DD2C4052F5EA18FB0945E85754E2AAAE4B8A4D26C258D
                                                                                                                                                                          SHA-512:3C9E6E2A9D56A7363729A21BCC902A5D914884EBFC81FA53F886DF88A52DDF23CA3478CB267E3F4A093EB96F49541DF58F83320231AED0DA8D07F9A43254E088
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicken Sie auf {0}, um die Einrichtung von WebAdvisor abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Sie sind sich unsicher wegen der oben angezeigten Meldung? Keine Sorge . der Schutz Ihrer Daten hat bei uns h.chste Priorit.t.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicken Sie auf \"{0}\", um fortzufahren. Fast fertig!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bei Ihrer n.chsten Suche werden Sie aufgefordert, auf \"{0}\" zu klicken, um die Einrichtung von \"Sichere Suche\" abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".nderungen beibehalten",.... SETTINGS_OVERLAY_CONTENT: "Klicken Sie auf die Meldung \"{0}\".",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-Erweiterung wurde hinzugef.gt",.... INTRO_OVERLAY_CON

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5373
                                                                                                                                                                          Entropy (8bit):5.070299580240164
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:E8VKRGASgEB4JcgBf05IdgKDy/ZZnEX89+92w5vzLz2Ww9xVH1pxvTSFPolGbBb+:PKUYel5agUIM392dF9xVV/vT2Kc9xKUa
                                                                                                                                                                          MD5:BACBC1D5E0914A3C6AF3F48AE3342A74
                                                                                                                                                                          SHA1:263AAF299F5EF7E6B07BEEAAB545CF879849920C
                                                                                                                                                                          SHA-256:1BA38788D09FE24CA410EA52478D47C68AF479DC07EC9D73EC0ACB0D7CCD062A
                                                                                                                                                                          SHA-512:A17DAEB1B3B9E379F09CBC5AE71199D1C8E1EB6BC79B974C70F3A22CA8CAB303A76EB025BCB96A91C77961E899C61C51BC1362151410B79DB0AAAEE2EC009AE3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "..... .... ... {0} ... .. ............ .. ....... ... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "... ..... ........ ... .. ........ ......; ... .......... . .. ........ ... ..... ..... . ...... ... ..............",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... .... ... {0} ... .. ........... ...... ..........!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ....... .... ... .. ...... ........., .. ... ....... .. {0} ... .. ............ .. ....... ... .......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3473
                                                                                                                                                                          Entropy (8bit):5.459958570168688
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:hX+nTmLZpNvS6qfKmtBBiNgsbjBLNZoIJon512xyQy6ihdt7+Jb:FpfqfKwegw7jen2r
                                                                                                                                                                          MD5:F1541B7543D1B58F8450D90F26C8A1F9
                                                                                                                                                                          SHA1:C60F2CC25705314748F15DD0DB4370C0AA1BE60A
                                                                                                                                                                          SHA-256:15E645C99927E9BC5144F85748198A66F20E521EEFAA07680C22751C25A03B6D
                                                                                                                                                                          SHA-512:ADBFBBC5C52D41C11EB1E6AC1CDD86697DCCA60D867135002115F55F7E0A481B4C964F9B54E2FE69F99F106CD2782FCA200D1FFF5825BA67A4262A8B07D7E7BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Click {0} to finish setting up WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Unsure of the message above? Don't worry &mdash; your privacy is always our top priority.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Click {0} to continue. You're almost done!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "The next time you search, you'll be asked to {0} to finish setting up Secure Search.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Keep changes",.... SETTINGS_OVERLAY_CONTENT: "Click the {0} message.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor extension has been added",.... INTRO_OVERLAY_CONTENT_1: "Open the Edge menu to start setting up the WebAdvisor extension.",.. INTRO_OVERLAY_CONTENT_2: "Avoid risky sites while you browse, shop, and stream with free web

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3561
                                                                                                                                                                          Entropy (8bit):5.428699764656758
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:795vs3WVLAOOxYqGEsU9b5TaBl/t6/Pv5nQe:7LvKVk3U9tTa/E/PBQe
                                                                                                                                                                          MD5:3C79C69B2C22D26FF28399D34DE7244A
                                                                                                                                                                          SHA1:44269FDACFF10657BB535DEC8A58970363D0ED5D
                                                                                                                                                                          SHA-256:752AC43D21870A09E7758B3F8014BF8795823052480969722D33812A5A91015C
                                                                                                                                                                          SHA-512:D7FAA306590BE82964C9D6808749095685049E59DE66D5F09942B9E602CF9EA2867D2140BECA40AEB2AEF95ECCA9DEDC924C4D9B130B1CEAB398DC69C471A5CC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para terminar de configurar WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".No est.s seguro del mensaje de arriba? No te preocupes; tu privacidad siempre es nuestra m.xima prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. Ya casi has acabado.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para terminar de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se ha a.adido la extensi.n McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para empezar a configurar la extensi.n WebA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3447
                                                                                                                                                                          Entropy (8bit):5.410709621150699
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:78BzdBs4G8LY3WBrDACAOuN0/4L9U1m4yxO2loA5nAQ1m4M0j+wbTcO1zPOE+sQQ:7qs4c3WBLAOuAd6j9bTNbOEQyNxe6x1v
                                                                                                                                                                          MD5:02E227C0A2260F7811015371C94BE888
                                                                                                                                                                          SHA1:3AC50CB97E7896022C8F0B2AC0F43C1560D9E54B
                                                                                                                                                                          SHA-256:EDFC8AC3A79DF1E6926F9C12B1DA2E84BAF4788F4F4FF4CA493B9275F5D1C066
                                                                                                                                                                          SHA-512:84E89B310B57E0D89B5E8664A07C65FABE4CFB14838A44014A6FC9DB929FDBC5D024C4D3796AF93A19F5B41F99CF537295E11A15F62E6139B7B316405BA3083A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para completar la configuraci.n de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".Tienes dudas sobre el mensaje anterior? No te preocupes. Tu privacidad es nuestra prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. .Ya casi terminas!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para que termines de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se agreg. la extensi.n de McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para comenzar a configurar la extensi.n WebAdvisor."

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3511
                                                                                                                                                                          Entropy (8bit):5.432546603738584
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:PNyeWArmSSL0jMwX/Bz7N208N2Kv7qw0qhah7ddaXETuMgPl+5UAeWS/:PMYGwvBz7Np8N7wj1ddaUi145UAm
                                                                                                                                                                          MD5:FAE7C899880D70456F2E2D99A31E7975
                                                                                                                                                                          SHA1:D5FD039F6DDF84D4C023B5866DEB3599340A6960
                                                                                                                                                                          SHA-256:F6EB64989E13613B9D26D008FC19BBD9B7F6B13DF67B1B65EE51F4D28C61A0FB
                                                                                                                                                                          SHA-512:21AF0BB16F1B3DF483D82AF7E18A93010C828CE89479A206B46772A121E0077903116A845821B3252C0B91B96A35A350DC130C28BBFE360CFB9A6DD378660124
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Napsauta {0}, jotta voit viimeistell. WebAdvisorin k.ytt..noton.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Etk. ole varma yll. n.ytetyst. viestist.? Ei h.t... Tietosuojasi on meille aina t.rkeint..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Jatka napsauttamalla {0}. Melkein valmista!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Seuraavalla hakukerralla n.et pyynn.n {0} Suojatun haun k.ytt..noton viimeistelemiseksi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "S.ilyt. muutokset",.... SETTINGS_OVERLAY_CONTENT: "Napsauta viesti. {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor -laajennus on lis.tty",.... INTRO_OVERLAY_CONTENT_1: "Avaa Edge-valikko aloittaaksesi WebAdvisor-laajennuksen m..rityksen.",.. INTRO_OVERLAY_CO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3808
                                                                                                                                                                          Entropy (8bit):5.389338411621855
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:RvCshWLo4LeWU3EWP8/41QYd2WwawjOk51nBXwQw81NimwIu4W8u4kVusr6p:hVt3EWPmWFwawSkpgQNYmwIHbHMry
                                                                                                                                                                          MD5:1F96946C13815EB6CD1E20E44B18A05D
                                                                                                                                                                          SHA1:FC5CAD8B9845E785A269F4D712915F551056B037
                                                                                                                                                                          SHA-256:1795FC59D9BD7AC80EFB6402409DCDD46631D89D74189F702233FFD4705045E3
                                                                                                                                                                          SHA-512:AE3EED80D12F9E03C8D8ABA3136D5022C520E2FE637DDF0714E2DD9A26145C805A93E917C4251C62E363F41052246E609437AA5B329A15694C71059DC30F502D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous avez des doutes sur le message ci-dessus? Ne vous inqui.tez pas. votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin.!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuez une recherche, l'action suivante vous sera demand.e pour terminer la configuration de la recherche s.curis.e.: {0}.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Maintenir les changements",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3820
                                                                                                                                                                          Entropy (8bit):5.393348134441983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:q4Hj53EWP1ww63K2z1gUYmwEF2HfuVHfuf40x:q4HywPUYZ0C2N2f4m
                                                                                                                                                                          MD5:33EE13908D070DBED590450A9815B52E
                                                                                                                                                                          SHA1:25003D88A2F5BC645D0DEFB542CCCAD747961E40
                                                                                                                                                                          SHA-256:1705E86C82B145515126D3FCB4B80A3D493582055DDE8E413487648D6F5107BE
                                                                                                                                                                          SHA-512:BD3FBF1D845F73772D707677C7139A46F4598B4C30D64562B1BE2BF99B9A07253D67F6623E5F329280F04D33187F02E8C53F418EF4F71214F2AC96673E381F10
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous n'.tes pas s.r du message ci-dessus.? Ne vous inqui.tez pas, votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuerez une recherche, il vous sera demand. de {0} pour terminer la configuration de la recherche s.curis.e.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conserver les modifications",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CONTENT_1: "Ouvre

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3559
                                                                                                                                                                          Entropy (8bit):5.502984682934437
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:iKtsjv9hNkY6z3qRQRMmCxgFXNNXxXlU201Ii8cb:iKev9I3oQRMmCxgFXNNXxXlv0ii8cb
                                                                                                                                                                          MD5:50D2065FA485C0DD1B43F24FE3C98210
                                                                                                                                                                          SHA1:D9C06221D3B5D7670B4B47247C8E2EB8E170B54A
                                                                                                                                                                          SHA-256:61CF75B4DDBDA34BB10A9F0D3F9EE471E859711F29231887D4FFD03FC5D0590B
                                                                                                                                                                          SHA-512:02839970F247AE48738AC898CEB6EA1C43837E2157846D7AFE289D01EED147DC213E48B2801C3467E858FC7888D1FA74E1D833CA62CAAACE29FF45062C067CDE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite {0} kako biste dovr.ili postavljanje WebAdvisora.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni p.to zna.i gornja poruka? Ne brinite . va.a privatnost je uvijek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite {0} za nastavak. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Sljede.i put kada budete pretra.ivali, od vas .e se tra.iti da {0} da zavr.ite postavljanje sigurnog pretra.ivanja.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Spremi promjene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano je pro.irenje McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni izbornik za po.etak postavljanja pro.irenja WebAdvisor.",.. INTRO_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3871
                                                                                                                                                                          Entropy (8bit):5.605970565233804
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:BjeL2klA7qs9fOpTbYFBbyN6t6rksl9EJky2twp+2mTpT+2:x7qwmJLrksTE74lf
                                                                                                                                                                          MD5:67A92D709F88E2783C8F8AEF7B8B7D38
                                                                                                                                                                          SHA1:A296CB8CD6DFE346B46D17DC74A2580CE68B49B9
                                                                                                                                                                          SHA-256:BF358F095606236F58E0C367FF1DEB87976D9237BEE07DEE30EA83BBBE337167
                                                                                                                                                                          SHA-512:9BC38A71A719809F484B69CEE95BC63A1AAC370B45BFCF588ECBB21DFA56E1CB9DDC7C1ACF9363A9C55CDE622C202D02E1A1A757F29E12BAECD1EE7B6E5DD169
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kattintson a(z) {0} lehet.s.gre a WebAdvisor konfigur.l.s.nak befejez.s.hez.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nem biztos a fenti .zenetet illet.en? Ne agg.djon. Szem.lyes adatainak biztons.ga a legfontosabb sz.munkra.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kattintson a(z) {0} elemre a folytat.shoz. Majdnem k.sz.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "A k.vetkez. keres.sn.l megk.rj.k, hogy fejezze be a Biztons.gos keres.s be.ll.t.s.t ({0}).",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".rizze meg a m.dos.t.sokat",.... SETTINGS_OVERLAY_CONTENT: "Kattintson a(z) {0} .zenetre.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Hozz.adta a McAfee. WebAdvisor b.v.tm.nyt",.... INTRO_OVERLAY_CONTENT_1: "Nyissa meg

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3451
                                                                                                                                                                          Entropy (8bit):5.348340753731105
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:9wwjU923wJglntrSojRUym/tDu477DuKqougwwCZ7JBw/r11Aw+yFGxMfJ/QxM9i:9w0wJWteojRUyUw5Jaw5+/3Aw+ydJPw5
                                                                                                                                                                          MD5:A2CFF2E2DD1598F0A0CA46EFCCCB2443
                                                                                                                                                                          SHA1:76BB9CF06F0D18CC34A816EA354472252580576F
                                                                                                                                                                          SHA-256:BC3199D0C90E4C6D0A27C28D8423C1262D578A9BDDFDC739A18732222C4707E8
                                                                                                                                                                          SHA-512:34917EF5FB1C9A766240E2B26E4EBAE07A3512AA22FB8E07542CCD78E69A769A8AD75BEBBAF0518A5467725B564683C47B9E5CBEECFE6AA5926A7141498E1751
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Fai clic su {0} per completare la configurazione di WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Hai dubbi sul messaggio mostrato sopra? Non ti preoccupare: la tua privacy . sempre la nostra priorit. assoluta.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Fai clic su {0} per continuare. Ci sei quasi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prossima volta che effettuerai una ricerca ti verr. chiesto di {0} per completare la configurazione di Ricerca sicura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Mantieni i cambiamenti",.... SETTINGS_OVERLAY_CONTENT: "Fai clic sul messaggio {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'estensione McAfee. WebAdvisor . stata aggiunta",.... INTRO_OVERLAY_CONTENT_1: "Apri il menu di Edge per iniziare a configurare

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4710
                                                                                                                                                                          Entropy (8bit):5.646354476497411
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5mF9hGIitPqUUJnILJn90N3l3QLzb3Nl3CprHEwPbbDiabGdtiDR9hG3sEl:5mF9hC91nQmLzTNoprH1b3JbctiDR9hk
                                                                                                                                                                          MD5:5E4CDB82DA217D1D4DD72B0872A3BCB0
                                                                                                                                                                          SHA1:F9D6C09464770771ABB54B7D61CF16CD673472A0
                                                                                                                                                                          SHA-256:847D5CFB31F71F7D215D97A12397EBB181B9B5802E0EE5859AD8E94B495BD006
                                                                                                                                                                          SHA-512:BEDD6E357D9BA53ECC7DBFF65444FC498358B96C34163F166C7CE266C1072E0A7ECCA6D4B22A2F569832591D1A8987E9F67D9C9B89C41D6399FF7732991D0A2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "[{0}] ..............................",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "..............................................................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "[{0}] ..................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".........[{0}] ........... ........................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".......",.... SETTINGS_OVERLAY_CONTENT: "......{0}.......

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3733
                                                                                                                                                                          Entropy (8bit):5.890401246526406
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:QYCvdMrjNB9ZGI4BGSS1FdMUB2dgSG36cBJsg57AB2vCC1vyqtYIvdalf:36ynuBGpFyUBkYBJsmcB2ZGQYlf
                                                                                                                                                                          MD5:98C15C14F762399F4FF9F8D9E048F2E6
                                                                                                                                                                          SHA1:2A9D0FD84501DC4093BEE69AA9BC428C9824342E
                                                                                                                                                                          SHA-256:8FD50E1A9DAD1A6EEC53060E74F049B1CE96CC982024647A0B0B6A8725C333EB
                                                                                                                                                                          SHA-512:1BC5742DF9A125D2DEF86D8005E87B9EA79378539215B58D36E93D519B01DC5532E9E3D1D3957A08E252C19AD68D048426EBD73BAA13896C6F144D278A88CBC3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "{0}.(.) .... ...... ... .......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".. .... .... ......? .... ..... ... .. ... .. ... ... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... {0}.(.) ....... .. ........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ... . {0}.(.) .... .. .. ... ..... .... ......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".. .. ..",.... SETTINGS_OVERLAY_CONTENT: "{0} .... .......",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. ...... ... .......",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3225
                                                                                                                                                                          Entropy (8bit):5.454970547992806
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:JQjwncYXavDKvukfwlPpu1pHSTpJMpGqZn:6jwW5p2pHYpJMpGOn
                                                                                                                                                                          MD5:E7D31466659BFE662A74A3EBFC1115F7
                                                                                                                                                                          SHA1:C8ADCD390083C649C941FA41AA921A9C9D08A08C
                                                                                                                                                                          SHA-256:25F12BC56B2EF7010C71651B02B81EE7B3905D2F4F33C78C8E2E40490CB1C81D
                                                                                                                                                                          SHA-512:888BF572B035F9E9994901C43418A189D9BE4035F3124A7C03E33E470CB2B2BD9A08BB9C749AC1F0A9F0CFD6AC150119D7F9A6B0153EB70C3BEE2110912483E0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klikk {0} for . avslutte oppsettet av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Usikker p. meldingen over? Ta det helt med ro; ditt personvern er alltid v.r topp prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klikk {0} for . fortsette. Du er ferdig om et .yeblikk!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Neste gang du s.ker, vil du bli spurt om . {0} for . gj.re ferdig oppsettet av Sikkert s.k.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold endringer",.... SETTINGS_OVERLAY_CONTENT: "Klikk p. meldingen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-utvidelsen er lagt til",.... INTRO_OVERLAY_CONTENT_1: ".pne Edge-menyen for . starte oppsettet av WebAdvisor-utvidelsen.",.. INTRO_OVERLAY_CONTENT_2: "Unng. risikofylt

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3315
                                                                                                                                                                          Entropy (8bit):5.3846972061624845
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:hYNSUmrH9+LhVyH81/nxxM3P7zLFSOXYNXwBxrcB5w7qTF951eUq5j6YUNGUFUO:qWoM81/3czLFLYNa4BO7qTB38/pO
                                                                                                                                                                          MD5:3CDC10A95FF36F2FF2EADEDF828B80F6
                                                                                                                                                                          SHA1:A77CCEBC0430740856E958119D42DC2A60B0C21B
                                                                                                                                                                          SHA-256:5B368A6EC4FD691B3EC759F9A8EF06573343BE0562616A6A9A43B64A42160C38
                                                                                                                                                                          SHA-512:B76FF410AFCB6C98975F300AC6F2FC05381B56E33A6A4A3119075A12B978FB3D4D7C0156290D29C838C7601F2A6030FB1FB67B2AE13CB5200E5C40947E7F7690
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik op {0} om het instellen van WebAdvisor af te ronden.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Twijfelt u over bovenstaand bericht? Geen zorgen: uw privacy is altijd onze topprioriteit.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik op {0} om door te gaan. U bent bijna klaar!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "De volgende keer dat u zoekt, wordt u gevraagd om {0} om het instellen van Beveiligd zoeken te voltooien.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Wijzigingen behouden",.... SETTINGS_OVERLAY_CONTENT: "Klik op het bericht {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-extensie is toegevoegd",.... INTRO_OVERLAY_CONTENT_1: "Open het Edge-menu om de WebAdvisor-extensie in te stellen.",.. INTRO_OVERLAY_CONTENT_2: "Vermijd risi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3592
                                                                                                                                                                          Entropy (8bit):5.652266864021974
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:UMCvtaaOZWKfNNz9KqIbQUZW9TRNcWRlP+im+oS+oGIUwI0qUIX:UMC1aaOIxbQUI9TRpR95mhShnUB0qUIX
                                                                                                                                                                          MD5:62917B9DE7549FF092647AE612BE657A
                                                                                                                                                                          SHA1:3F37A32CA957BD472ED8A9579F68C95436B071E7
                                                                                                                                                                          SHA-256:113358A4B5D1A9AA51848B0B1DC07DB55CB875EDF03D3AEA4334505A8436716C
                                                                                                                                                                          SHA-512:AFB1445443A148A74873D3FF9164B9048564EABC112F996C2C1B30FC34F9FB755AB02EE245A8C6A76292F9F13437F3D785870ACA5F92BA11C003A295970CFCC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknij przycisk {0} aby zako.czy. konfiguracj. funkcji WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nie masz pewno.ci co do powy.szego komunikatu? Nie martw si. . Twoja prywatno.. to dla nas zawsze priorytet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknij przycisk {0}, aby kontynuowa.. Ju. prawie gotowe!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Przy nast.pnym wyszukiwaniu pojawi si. monit o u.ycie opcji {0}, aby doko.czy. konfiguracj. Bezpiecznego wyszukiwania.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zachowaj zmiany",.... SETTINGS_OVERLAY_CONTENT: "Kliknij komunikat {0}",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano rozszerzenie McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otw.rz menu przegl.darki Edge, aby zacz..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3368
                                                                                                                                                                          Entropy (8bit):5.411669618684015
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:tBRKXbIv/U8cc0dGvgObgbIc1JS+RUkf8gy:tg8ccqsXcPSsUkfDy
                                                                                                                                                                          MD5:F3E28D951D1347B5A8E92C686628CB32
                                                                                                                                                                          SHA1:9F76F49E5E1BC175194C714953A69C89E2544814
                                                                                                                                                                          SHA-256:F14E02B7D183DE9DFBE613E62C1D95AEC35C79B85E6DD4A0D2BC5FC90A775C49
                                                                                                                                                                          SHA-512:4AE8B5A92287AC1A0AAE979D478C6CFD5AAC0765165CC26A80074C92A71D718521760778D581D9ACC6C4125ACB905F299EC9DE14CC19C88E0F73F42765BD25FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o entendeu a mensagem acima? N.o se preocupe . sua privacidade . sempre nossa prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase terminando!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez em que pesquisar, ser. pedido que voc. {0} para terminar de configurar a pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3444
                                                                                                                                                                          Entropy (8bit):5.414333938149512
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:tcgHxIKIF/UyvFz7d+J0b5H3JgJSgnD2L+vl:tfHzC/V15gggnD2Kt
                                                                                                                                                                          MD5:25E2F44C6CD133B099B9F49FE1E60070
                                                                                                                                                                          SHA1:7DE934C907E2286A9CDF98E0F1EAAC95D301ACF9
                                                                                                                                                                          SHA-256:1A96F565DBEA0224CA713BA4869BAEE11AFC04BB9A796E7615FC31BB1ED2740D
                                                                                                                                                                          SHA-512:D69ED7B55A8E9179AECC3F9ACFF7C9E0C65E3E2F240FDF17C52E473E8AA52921B0B6B2F79730F45AB246470B95798C2B72D4780F8CE317AFA1B32F0FC0DBF003
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o tem a certeza sobre a mensagem abaixo? N.o se preocupe: a sua privacidade . a nossa m.xima prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez que pesquisar, ser. pedido {0} para terminar a configura..o da pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem de {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o do McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4888
                                                                                                                                                                          Entropy (8bit):5.13322206660522
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:km1cmOcoujLEUXirQfZVaSy/lcv8xv0pv6eyH5Z6LX6L0YA5ANvPuYV1kwgkebON:bSP52Z7Iqv8IvzSt/vPuYV9gkbEYZfB
                                                                                                                                                                          MD5:8464FBF4B026D2ED80F0C4C406E7DB03
                                                                                                                                                                          SHA1:B1F71D1678AD41C5213AD0789382C1918BCF33BC
                                                                                                                                                                          SHA-256:498A6AFEC80C15A24AADEDB4DFA19F2ED0E406E2340E629FCCC0B7543779FE79
                                                                                                                                                                          SHA-512:06490FD967349776FC20B1D2F885DBA5D8C5294A0C46E670D391734AE6A37506A692E471B72840CFC644658AB2E921C0F523F82AE374E72E2B866C1526EBE1DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "....... {0}, ..... ......... ......... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "............ . ......... ....? .. ............, .... .................. ... ... ....... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "....... {0}, ..... ........... ..... ......!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".. ..... .......... ...... ... ..... .......... {0}, ..... ......... ......... ........... .......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "......... .........",.... SETTINGS_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3645
                                                                                                                                                                          Entropy (8bit):5.654582138744028
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Za1q+c5nLPgGcp7rGEaqHNGXaGWSnEBCh:Za1CcGcpPGEaoNGXaGWSnEBCh
                                                                                                                                                                          MD5:D10BEE9E2F24452E61B7A38AC9602318
                                                                                                                                                                          SHA1:36FD48D7854941D6FEA720879521870C443BD773
                                                                                                                                                                          SHA-256:5A8F4621170505932A81F6542DB54ADE13C822689D4A3C488CE306B2EAE2CB62
                                                                                                                                                                          SHA-512:F2CE9C24A0719F3FD919B5A63DA614310034D6810A605123D24A81A0017EB3EDBF3A675A7DE8689DBD715F9D23104396FBFC13062133BF91A9162A2DE7A7270F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na mo.nos. {0} a.dokon.ite nastavenie slu.by WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Neviete, .o znamen. uveden. spr.va? Nemus.te sa b.., va.e s.kromie je na.ou prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na mo.nos. {0} a pokra.ujte. U. to skoro m.te.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Pri .al.om vyh.ad.van. sa zobraz. v.zva {0}, aby ste dokon.ili nastavenie funkcie Zabezpe.en. vyh.ad.vanie.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponecha. zmeny",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na spr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Roz..renie McAfee. WebAdvisor bolo pridan.",.... INTRO_OVERLAY_CONTENT_1: "Otvorte ponuku Edge a spustite nastavenie roz..renia We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3448
                                                                                                                                                                          Entropy (8bit):5.5258323663503175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:bOKu5rhXVaOiD7jvSrPKPq/BhedVJDBDKOTV08Eyj8GmS4kSOhi7ICcX7E0o7X7D:CKwa7ruIwBho7Pjxm+FhiJcrERrEzt92
                                                                                                                                                                          MD5:DB2429854408F47C39CFF58EA2234126
                                                                                                                                                                          SHA1:660AD2F6EE59019DAB2A4AFA3024BC13E88ACA4F
                                                                                                                                                                          SHA-256:195CDCA022E9B3FEDEF21654E14E2248FD03619D31E005D33F96A3EB0DA5EB16
                                                                                                                                                                          SHA-512:14647E139504DA336355937B1BF2290D7D0F3EEB69A8F6C7A6362C2D3056157A7CAE900AB7E75EA27950E7D0B8587C5C93295BA48605C0668790E3E9C7F0B620
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na {0} da biste zavr.ili pode.avanje WebAdvisor-a.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni u gornju poruku? Ne brinite . va.a privatnost je uvek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na {0} da biste nastavili. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Slede.i put kada budete pretra.ivali, od vas c.e biti zatra.eno da {0} da zavr.ite pode.avanje bezbedne pretrage.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zadr.i promene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodata je ekstenzija McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni meni da biste zapo.eli pode.avanje ekstenzije WebAdvisor.",.. INTRO_O

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3419
                                                                                                                                                                          Entropy (8bit):5.535488804632093
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:XLtr87bPTBKfvmX6L9AvAMbEFGt9M+WRRZJ1aq3CTCc2ZeGd6J:btkPdKfvLLGS3NDZje
                                                                                                                                                                          MD5:F5C16637BF72EDD5743D0C5F3D6117CE
                                                                                                                                                                          SHA1:2748DB9C7C37737CAFD521B7CF2A67A719FB3E15
                                                                                                                                                                          SHA-256:9DBE42068BEFCE8987CCFF69EB582A0BCFF6F16C04CF471F4320F59AF5266780
                                                                                                                                                                          SHA-512:639FD3D8B7F588BB7796BA59BD90DFE7515FC5A5358EDB0051B47CD14C4EE69FD26E707AC74236C573245BFDD6FF4283FCED919EF4C38A740941650D9057CC43
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicka p. {0} f.r att slutf.ra konfigurationen av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Os.ker p. ovanst.ende meddelande? Oroa dig inte . din integritet .r alltid v.r h.gsta prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicka p. {0} f.r att forts.tta. Det .r n.stan klart!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Du blir tillfr.gad att {0} f.r att slutf.ra konfigurationen av s.ker s.kning n.sta g.ng du s.ker.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Beh.ll .ndringar",.... SETTINGS_OVERLAY_CONTENT: "Klicka p. meddelandet {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-till.gget har lagts till",.... INTRO_OVERLAY_CONTENT_1: ".ppna Edge-menyn f.r att b.rja konfigurera WebAdvisor-till.gget.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3505
                                                                                                                                                                          Entropy (8bit):5.560477366213013
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:8gTrSRlazqTSoc8T4mq+pxP3yfK2XsCzjW3A/O20q3kJ:LMTSzUtCBwDJ
                                                                                                                                                                          MD5:DE09C051CBC5D0A16DE9646EB1DD573F
                                                                                                                                                                          SHA1:60676A3E60A7B84C021BFA46D897C294E4948CF1
                                                                                                                                                                          SHA-256:F6245E1A4A8B807F1782B5F38A7E9B21D9FD8076AECC2180663CC1594402E9AE
                                                                                                                                                                          SHA-512:62774122610B9237794AC5A1FEF3B228FA1211CCAA73A095B903EAB3DAC2643A01ED1EDA63B5045DA74208E57D002917C7756C1D47D8A3BAFD9EA14F313DB7A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Web Advisor kurulumunu tamamlamak i.in {0} ..esine t.klay.n.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Yukar.daki mesajdan emin de.il misiniz? Merak etmeyin . gizlili.iniz her zaman birinci .nceli.imizdir.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Devam etmek i.in {0} ..esine t.klay.n. Neredeyse bitti!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bir daha arama yapt...n.zda, G.venli Arama kurulumunu tamamlamak i.in {0} i.lemi istenecek.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "De.i.iklikleri koru",.... SETTINGS_OVERLAY_CONTENT: "{0} mesaj.na t.klay.n.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor eklentisi eklendi",.... INTRO_OVERLAY_CONTENT_1: "WebAdvisor eklentisinin kurulumuna ba.lamak i.in Edge men.s.n. a.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3122
                                                                                                                                                                          Entropy (8bit):6.212538664409796
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:6UrfcU6lnW9tyEQeLJrcwfrZaq0KSVnUUJfQpr1Z8y:6UrkF0t2excYzSVnUU9Kr1ZZ
                                                                                                                                                                          MD5:945847BBCB1913BC9C9D5A165DB0F995
                                                                                                                                                                          SHA1:F2BF3225E8B318BC8A1FBF68BE20CBBED4864167
                                                                                                                                                                          SHA-256:38674F155AC95729FC671ED29B48AE19D69FBB0D6EB6A2BCAE49E19F39D4D3C4
                                                                                                                                                                          SHA-512:A72415C4BA1530063EF7CCBDB3934DD746944664ECC29A40BA1CCE4CE584A0EC65D3995E9FEC1195A3069CB39EAF81D95F8E000D509E0BDC501EB2C220735877
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: ".. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: ".. {0} .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: ".. {0} ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: ".... ...........",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ................",.. INTRO_OVERLAY_CONTENT_2: "..........................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3232
                                                                                                                                                                          Entropy (8bit):6.28804097658073
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Fnm6KjBr0E5eC+WKA4DKoYwWAV85brkeUwmxm3VBpRBpG2m6xCG:JbM5dtKPDVfeZrkRwGm1pDbB
                                                                                                                                                                          MD5:04F2F159FD84A76DAAA10031A812ABA8
                                                                                                                                                                          SHA1:15B3F23697F56F0F0A1C4079E24BA050145D19C3
                                                                                                                                                                          SHA-256:D511D934188402B3919DE4C77617E3C5FA5C52F5B542789BFA0A811840BFDA07
                                                                                                                                                                          SHA-512:7E8EEA213CD528F52A6F4A143E2C06CA200E02370577004C11024452E72C48AD782578FE8FC5FCC5EB0D17F07E0B164C032FA286001C8A58F0D2BA17A27927AC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "... [{0}] ... WebAdvisor ...",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "... [{0}] .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............... [{0}] ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: "... [{0}] ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "... McAfee. WebAdvisor ....",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ........ WebAdvisor .....",.. INTRO_OVERLAY_CONTENT_2: "...............McAfee .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.483185986771839
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHP2cnmsWmQjdp:CRsyeBmWfV8ZSXSH7msWnxp
                                                                                                                                                                          MD5:8A55E0A184A07C8A6847AEF2A3480C2A
                                                                                                                                                                          SHA1:A0AC4E07A3DC7D69A6DE0CE5C18CE13FD57DD84F
                                                                                                                                                                          SHA-256:856B51574ADF626B7190520C9C03441B4CFBEC34E66AE3270B6BA3A89A270764
                                                                                                                                                                          SHA-512:A71AA6EF132A4C87B241CD268C3861DAD729A112EB60FBD2D0DCB9F8FFD3AF223DA13BC443F5317C77AA2D85A90F9226CB281032737F9999549507F79A15FE9D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//779B7FF97A347B2B60B9C695E9510C17D732EBB76D59FB261483CFA334C621BE432AAB53CC8D1E9E3D32EE1F9DE1586783006FB0F10AC2E82CFD3DCE40D484F1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.470363467852289
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjaLch8jQo3R/Jis:CRsyeBmWfV8ZSXSHj+Jjnt8s
                                                                                                                                                                          MD5:68CE7E2CA2C47EFB97C447E9B1555BD6
                                                                                                                                                                          SHA1:B0F3ED0ACA62EF41D101BCEB756565E70B541F5D
                                                                                                                                                                          SHA-256:F6BEF1984BED66D908CD004B9B9D07CF00BA3DB3C169B17D672226633875CBE6
                                                                                                                                                                          SHA-512:5E990CA464B56A08F0023FDDC197184283B847DEA21DDA98A2473098B643BDB5B88DEAB352FCB647AB0AA6FACF080469A0D3A7361168C74D44D18E68BC53CF45
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//C58CD5D0DDDA0BDC3DDF95C3EA647DCF210034D40B8A2B3C776FEF41796B0E506655473CC23984412910551A66AA79BB51A1AA5DC1EF9BDEF91A3545A14F32EE++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.464304293445782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH9gycgUUFoNaG5:CRsyeBmWfV8ZSXSH9gycMoP5
                                                                                                                                                                          MD5:C7B219EC86DC401B23495DF92086686C
                                                                                                                                                                          SHA1:64AC08BCC0E0F74D003EB965854B68F0CF7C396E
                                                                                                                                                                          SHA-256:209FD86CEE00B85E500254C88FF405C5BFE10D324B0ED5E8D65ACA037ACD371B
                                                                                                                                                                          SHA-512:86BEA1580AB20D690A99D6AF5D9FF6B9AAA5BDFED5E0FB42961E6ED23D44E4A7F89919031F614242C2B95A600B57A9B6EC60555D9927263B6F37727A3BA30112
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//11871E1444B5EFB64FDE040E276FDD5B610839D185910EB29BBAB0ED1DEE4C24CAFBB75A5B372E4ABFAEAA47CC45C0D31EF9508B835F6CB656F85E78CF829BFF++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.476492001999947
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRNuSwTu0GYOjW:pCPR+2cyeBmNEfSU8ZpoXSHquSXxyx99
                                                                                                                                                                          MD5:56ACFC1DD811AD98D55879ED590E39A4
                                                                                                                                                                          SHA1:5E5AE245F1600D0AA8F3C00C3DD1CEC41FF12981
                                                                                                                                                                          SHA-256:2577A8EC6214327D469C6947FBEE3F627B5F1A1C7AAE6DAF79B61790DA402724
                                                                                                                                                                          SHA-512:FCE2EAD90CBFBC2CFBA7842FD273EA9BB286E35B9C755A058A72E4ADC77FCD3CA1F4DC2932AD327BD1706FA02062A78D72BE3EBB2BB270E17EDF7DA66DCB9594
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//10A2AB7B43469BA25D1F69F13AB4C89B1A6A923B76FA2735C6BBFD3E1A30A4900FB12D4B2255D5ED08309C091724C51DBC83AC985FFC5D3B909DBD20E9BC0D53++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.483670313619899
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH280rSTVY3hd3:CRsyeBmWfV8ZSXSH+rSTVMh1
                                                                                                                                                                          MD5:100F55A1A3DC968EFC26DDE73747FD87
                                                                                                                                                                          SHA1:9DC3BBE79C82004FA1415B216D636E8C352779E1
                                                                                                                                                                          SHA-256:7FD3C0E53C3CA5902FCE6D3C55E511EB29B9E1E4AA7CCF9610D692B194673EE5
                                                                                                                                                                          SHA-512:9011528745B64B61DCA221AD55409B7F6D00195F47FCAB9384B467DAA6D10C398AADCFFB91B10C3C028C6E704A3EE1FD3ABA87F9579679CDB1C7519ADBEC4147
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//538533566FD1B9F5834362C7400758216C8737D085235B9E67B16E51DBE93F49D97847BE5BEFFEF8FA52BCD4E329FB7F8924585922B952AFB50DC98B8D5B6A8F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.4774614387651965
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHd8XIrv9tOYgEoj:CRsyeBmWfV8ZSXSHFrVwnj
                                                                                                                                                                          MD5:5A402B5245FB541EA65C3C2ED575CF07
                                                                                                                                                                          SHA1:30DA35F4D0ED12EB4CE927ED38D3F864EA2436B9
                                                                                                                                                                          SHA-256:37D1E6393D86A7C8CC3888DD52FA30144F1A25831CA70716353CFEB005289BB4
                                                                                                                                                                          SHA-512:6027308D33D201A298C5F40ED2ED375D99DB86ECE763B02AE460F78FE4A53A6724FF172E9A19C7FAFB5F1C5D3386ABD2496B0827AFFA9CF3F2F7493198380ADB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//49EF530EB3DA9A6889B72D369EDA9388CB601DD1B256148A7BCA5F055B02F4FAF8794A168DEDFF4E313D64C58C08D434E98B5DB85FA187BAE38D567DD473747C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.46410718057219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHnNgHIUhZyMB7:CRsyeBmWfV8ZSXSHnyoUhZj7
                                                                                                                                                                          MD5:F11DD951A4A0FEEE66F504B6F4A9E050
                                                                                                                                                                          SHA1:5479885497E55472DF16689E2A72431F3EC65A90
                                                                                                                                                                          SHA-256:CAC7FCC119F603D3209E606A13D4A8CCE1C1E7A4AF7986BC9762D01BA32D8D16
                                                                                                                                                                          SHA-512:766B7F15C6B81B35612E24354D852E0A2FD1E6BDE9B848501BE5EF3B168A425F7CE9E716C622B1FC2DDCF1D8FA677145DDF3BD582A6E09EA2559FB25EA8B19AD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6DBF9FBB37BB8547C23A00B408DFD5CBB8C9AD32D4D729539ACA64F0791E5891CFFBF35FDDB73A87B691112CA5BEB7DCBE008B8FA383F9DDD360293CA3E873C9++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.492592530316645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHQSDBMtCIQB3:CRsyeBmWfV8ZSXSHQSlxB3
                                                                                                                                                                          MD5:D27E51178B6CB12F7E2F723D058A9A1C
                                                                                                                                                                          SHA1:5F9389CC1B9D99C23FDFFD79E50EEDB3FC324671
                                                                                                                                                                          SHA-256:7E441138B08DB093B139815FB3E21D3809188BCF79CB4A1AE713A252BDEFF4DF
                                                                                                                                                                          SHA-512:8F9EBB48F37519AD08590B8BFDA8B499B176B7F9AAAFBCD3CF26CAAE03E17EBAAD3D8A55C9AB1B60BC8004FD7B7A319B98E5452AEA2FDF62630FF30B06A9536A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//96448B1DF0CDFDEFA2055FD03D1354E1DF3B828E0A83026E0FA0FA0A300FC1F397F87814BF7782828DD4CA6AD45F73769B2A1461592B39597D2F9ADF7BAF8A3D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.4578323481596085
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHXNMt3vgmdO:CRsyeBmWfV8ZSXSH9tn
                                                                                                                                                                          MD5:69D6F26C5B12666C309F63AC3B2CDC80
                                                                                                                                                                          SHA1:961FD14E2295D0D607D94DDF49C6B45CCAFC52D6
                                                                                                                                                                          SHA-256:BB3EB893857EC7C6660E5C0DF53E9D08EAE83E65DD1CFB0F6C862C5B278DBE5D
                                                                                                                                                                          SHA-512:DCDD6E6120E897CDE77A049415F2509CE6FDB6AC02FB1B54366A16FCCEBE51DAA3CBF5A4FBF67582C8CA077A7226DD2AB07C0DA7DA98B70261C7BE8E95AF8778
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B825D07F236C9CBEAE089DFBF837BE2C3EFB400BC36D743EA83BD789EBF2609F9B75C5460DC4C2BB358D2EB01E04AA63BFE05A937DFAE33DCC2104C717AFD4E6++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.46207116731783
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRndCFqWf5h+rk:pCPR+2cyeBmNEfSU8ZpoXSHtFqg+rv5G
                                                                                                                                                                          MD5:2E6FCD5DDB734322FBA066499382B954
                                                                                                                                                                          SHA1:8736E82A7E77E09A9DDA64302FF55312D439C6B6
                                                                                                                                                                          SHA-256:5765AB76060D562767F40D35822052B85F3D171D32478821B15E585E54C095DD
                                                                                                                                                                          SHA-512:5A653BB7CC863387FF6D2B150E5F04CC5B452E4B37B75FF0EDF8C8EC76327C56F67C14C36AA067470942D80EE3F267F0A088484091C445A826E378206E85E50E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//48FC58BE02F6C12E9428DA51AE23662687C2F8DE207F3C277B89099A62861089EB66F2E94EA5DBC3DCC826FB5CFB7D6A02E9E532B35D13BDAD1D0DCC952D2399++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.456480118474768
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHORfkjyhh5MGigjqX4Sh:CRsyeBmWfV8ZSXSHORfn4GiZp
                                                                                                                                                                          MD5:5EABA7C98C02265CDE1FB5EBF6CF9A40
                                                                                                                                                                          SHA1:A4ED9BDCD9490BC4CC60E2743ACFC87B9E3EE693
                                                                                                                                                                          SHA-256:1DB2AC3D031C03426CECF0C8A2B92578888DE604E62A5F2D642CA9EA9C3D3366
                                                                                                                                                                          SHA-512:B456E348FB0AAE0CEC76D09DE428444649A2D5D8FD3F05E59DFDC6D1F7582000965893E2727FE149DD5A1A0FBA184B34CCC7FE62C30A1977A17A5EE1D720DC8B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//EEEDE7711DCA6590F99E7AF95AD32C88D88FBF57A6199760608887CCD2D9241AA15A8BA3CF78716E2DC1450FFF5FAB81AFD2799AD25FF38FC95DFEC736A28277++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.485651449071428
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHerozhKnCvwgF:CRsyeBmWfV8ZSXSHerC8Y
                                                                                                                                                                          MD5:4CFBA2943AEC00CF3AC0F668DEEFAE1C
                                                                                                                                                                          SHA1:B5D9BF4A8CE44999FBAF7A98758D587EC1016879
                                                                                                                                                                          SHA-256:890E743E14006E8489157356D99D29D4F01E27CA283858AB0D84098BB522964D
                                                                                                                                                                          SHA-512:E6CF38772EFBA67A5CD6ADDDBAB3DEE8E9D9F2393EFBCAFB6F14C4B10A1A6D3C6C1ED633C9EAE3361EB6E1DEBB11912F6F225A88A3186C4DB08016E2311648C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//90EB780E16E8F65109458C1F86600208E13B07963E86071D5A9E1A29BFA4207CDA49DB66B367C3E4988699E55FB4094BC3F99498D5A8DE1CF9EDF62B86324A02++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.4743818470449295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHoUlTvHcx1CTd/gQyO:CRsyeBmWfV8ZSXSHtycWQd
                                                                                                                                                                          MD5:BDFF501C8E0FD793C9BB763D9C80CEDD
                                                                                                                                                                          SHA1:F1FB7F3E9C7856094869D1AF2A73AF8457DD47BA
                                                                                                                                                                          SHA-256:57E0D1E58AEDBA759D4C2FCFB60B62E6EEFB8C4D7D23D83366BA016006354935
                                                                                                                                                                          SHA-512:43BEDB6029375DDCA9A5BB0CAB61B3110B80A8BB76F907332F53B152CF7BF8224C9708E938D34A6F53DBB5C7097170FF7F762BB008E0A30BFABB1E06F9FCCCCA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//198FC54EDE5D4DDFC0D1FB64FA7C3506E942E8826476BB919A06CE23D48B976D4D8D895EEB23735FFB1CA10B42D3612B78F90EEF39EEB6E7CC14393C73339859++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.475935258072216
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHrXqrjfgiWb74k:CRsyeBmWfV8ZSXSHMfgj
                                                                                                                                                                          MD5:A0FA25412DD8F6B1642AEAB0C2B43A5C
                                                                                                                                                                          SHA1:5D848F134B0FA49A6A9D79F51268DD46FCE984B8
                                                                                                                                                                          SHA-256:6CB94F12C952A2919864F82F7655A4620FD6E546AE1E3CCA7B58D734210F5C70
                                                                                                                                                                          SHA-512:0D9506C51A7A17D1AE9E0EE16CA71C955DB47B51224C54E7A83E2C9009A90C8A4A6DB057F82ED20167EA5C267FBB9A30DA50D8FE371C2708DA02A78F0D621BE9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//882A8F5DB2A0DBAF151EEB31B0D0AE06ED48BF60C78560F1A2EA8CA497AC4CD1DE1D0A4B6F934F54222F868298EA1B13594073882DE67FD43AFC30AD85C2AF35++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.495942385043319
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHPCRUxRCjmaS:CRsyeBmWfV8ZSXSHPCyxRC6J
                                                                                                                                                                          MD5:50AB36BB209778F1C55CB5654D46334C
                                                                                                                                                                          SHA1:A41546FF370A12AA41A279A321FCEC4E068328A9
                                                                                                                                                                          SHA-256:D80CAEE10B16DEC90606E13724EDDD1B2944D219B2D553D388C4A815FB57C4A3
                                                                                                                                                                          SHA-512:1A294716DF9FFD71532330395AFDCA704B93E7282DE1ADE6373D7D1E23972D46C34840C041E343B768A89B7C44D7613A1383AB19A547EBEB3D364C366E2F347C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6F72F5C6915409203EC6C8F9EA50428B23E0C0273A6ADA6171053584A0B457F90ACB9904EB312411D3E573F53F22B5972DFA94254D4696E096C4535A02336385++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.469004306713551
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRHGC+zfeVDo8o:pCPR+2cyeBmNEfSU8ZpoXSHnzCo19B19
                                                                                                                                                                          MD5:FBC234726DAC88382EF2C15DC96D0848
                                                                                                                                                                          SHA1:6B70C0C9F92F3DB4A6FD03049A453D6481BB3CBC
                                                                                                                                                                          SHA-256:C0FFAF02B0A499EE09496AE58C04C73DBF387CEB611890E2B3C154A3D788BE5E
                                                                                                                                                                          SHA-512:12B092B5926DAAB4E8FBEEE24AED2B1FC830996A4D2CD10BBF100433C1F5EB36E1521515F7E1F3B031F5961A143FD0033A382AF66F0BC1B4C14805928C559B11
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//86A984FD038693739ECF3A9F7D76445D3D6A0ADD7B8EC77DD64A59D78DF249BFF53785D7720226AA6E34704D4346A56C6DB98D3223D16D022C62E3BD0B9F17A6++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.4738843132819595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRkmdU6d67eeyp:pCPR+2cyeBmNEfSU8ZpoXSHIdma84T
                                                                                                                                                                          MD5:0B4BD9B6B2F45C327AAC05A8C6A8082C
                                                                                                                                                                          SHA1:41720B1C989F5AB1726C275A7E1ABEB83717F539
                                                                                                                                                                          SHA-256:1CF758BEA8F6D3149A73E81BCA1418286D37F5FB02FFE136F125848FCB5B02F2
                                                                                                                                                                          SHA-512:70837F65DEBB8FF916980C49D64F62468691DC4E166695B81A61F76E17A56E93A426C111961DDD4D9A1AB59331F29B009C2B2F05F32099BA58377E1E88CD814E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A15C599ADD02FC398C10860BC0ECD1178EEE2186F59EB012C3C741A00204898956A0F59FEAF41E1661BBCA71D782D8FAF0E41FF7814809BD51CA6294B3F9A79D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.470036256437061
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHH1dtKmwShBc:CRsyeBmWfV8ZSXSHH1dtKmwShi
                                                                                                                                                                          MD5:044338D6F9E8275912F89814B2F30059
                                                                                                                                                                          SHA1:DEA5721CC6F951B83CB0F662BA23E1B85E16C727
                                                                                                                                                                          SHA-256:25801D244DD567C93558EB917FF5E18D1FD8E76D73983995DE07E0125E1A084A
                                                                                                                                                                          SHA-512:EFCDDE83DE6083F7CF4B380B34A34DD50E95593CE5F64DE479C7ED649B961BC6CFF90E08E47E5D5024E92FFE29B2D9F352521A4FEA669208A980FB2199BEC509
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//8BD368FDFFB4EA20079B3E2C1276507EFFE5C7EFF4B8E3C7210CA0B9BF42A8B3203034E29CFD180F2481BF316EBEAED76C7CAEB96095901CFB69D82D3F9A61FD++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.422792541724916
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjZRjgWRpk2CDD:CRsyeBmWfV8ZSXSHjjgWjJAD
                                                                                                                                                                          MD5:682B9901E2904079F13F266C64B08E0C
                                                                                                                                                                          SHA1:6C01EE55020FD9BC1B76B3B4B01D0E84A713D211
                                                                                                                                                                          SHA-256:71258219C7357066CAED9F9111C17C338FB599814EC267E48042950A81AF8045
                                                                                                                                                                          SHA-512:BFA51E4A88AF77B695EA9837C02B812BAFFA88F5E5526947454E11DF59C763F7427D16C7D696EC0CFA7689470740964AE74A68A16206525467418DB761F964CE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//F1F9AD5C3DC2AF99BAB05513A2D5FD66E11BE4A11B157E25D3ABEA79B14AE1F93BA7C7FC97F46A773BC883EDECB3E9EAA95EA0A1A977A201E0CDBABBD9219339++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.457875816162936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR6M1TnN2OWYj3:pCPR+2cyeBmNEfSU8ZpoXSHNIrNZIY
                                                                                                                                                                          MD5:BA9175971DF351154157D53355F8D440
                                                                                                                                                                          SHA1:DAA6CAECA319BD54C283C0E4AE6FDC318BC058AE
                                                                                                                                                                          SHA-256:EFF588E1AED4F734C17E9CEABE1175C9DF43B6BAF11EA530A779D5EF43E8D274
                                                                                                                                                                          SHA-512:FF66ED42900F13912AE5762DEB9AC64316179EA7773F5A7191F8AE77DD17DC20C78BD9DF1F0671191D7B6120FADA39E183E414250A5FDBD6D8A5DF4E0F1E98BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//9A982904F084236422BE18EB0F6CE060BE8E15A2068C32D1CEB00F2E1733578B343AFCD3638193FDC6FB1C10B9EB1AF162FB1FD09E8313DB8C78F0EEFB0348DF++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.459356963784258
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjIs/DCezHEJsS:CRsyeBmWfV8ZSXSHjIs/2ezSsS
                                                                                                                                                                          MD5:83130A13CC410DE99D8F067412667E5D
                                                                                                                                                                          SHA1:0A9C99FEDC871BD967B76381F16D1326D735629A
                                                                                                                                                                          SHA-256:A9F0B9178322333DBDCC7AB5244CC0323A5BA02C00EC8C7E24BB2A7D4BBA8A66
                                                                                                                                                                          SHA-512:47ECB482C8B515EC862B8A2AA863CDFF39C7A3A44C42B0BECD62356CD1711CE2F1DBCF691C31BEE437ECC37547553D4E355CFAD7AD7715AA090DA0D132355865
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//C331E0FFE037C234BE06DE25A983DF01EAE7A2726907BDE577A72E75C66BC0E1D75C05D1777E33A16EC428177A6646DD85B0FFBF10D2C6114249BA2CA1967A5E++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.475353258660528
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH6gsYswIlMen:CRsyeBmWfV8ZSXSH6gsYswIV
                                                                                                                                                                          MD5:3BE119FE3E6330E0730A80796B3CA9FF
                                                                                                                                                                          SHA1:2954293A16B2CBE1EF2FAD5CD611E97C3B9C3861
                                                                                                                                                                          SHA-256:E503EB8BDF4E4CE922257ACFCE1F15E65BDB4419EC6AA124FB27DA33AA826BE1
                                                                                                                                                                          SHA-512:83CE7F139C87550641EB5570A84E0809AFCC13916A9432D5DB418D9F0A098359EC1C678348846E0F9A244B43686B0B7F74E87F3A3B1F998FE08C30B43644BD49
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//F43809A83B5C6EA08A744E2130B9FEC4A9A8A8F61A85AEE97C4BD2FD31F4B2EB2AD3D2A77C5B147CB6AAC69BDE3762DD5F37D4A604CF7BF5978A17ED2229F911++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.493050363802037
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHIqGzzrVB1G:CRsyeBmWfV8ZSXSHwzzpG
                                                                                                                                                                          MD5:8E3B30D31FDF8FC9FE9B7ACF335BCB5A
                                                                                                                                                                          SHA1:755275E4FF374B07BA8DE6FB1EF971A829B006ED
                                                                                                                                                                          SHA-256:B281FB28BB41C86CBB1FABDF93D044D8E2A772B543C5DDB610710260F34F8DED
                                                                                                                                                                          SHA-512:222CFBEB1C6AEAB7308FA43093A045A2BBE2023F52C70C7BC8CD99962F3F1830728B498D88711A07CFA9631E28C2C50EEC58FDEFE996B80688ADAC89415B0C50
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//82FF624D72A6FAA2B1905C65C4A98BC593FB309A2D9E577663CCCE5B0AA6B8CAC826E0748828C5629818770FEF4353B0BF07D680757117E75913F9D65BBEA409++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.451309364031569
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR2SBuQn/I4DDk:pCPR+2cyeBmNEfSU8ZpoXSH2V3UF
                                                                                                                                                                          MD5:9C6061A4B4E67F431AAE63D76177DF30
                                                                                                                                                                          SHA1:24985E30FF76B0EB81D86958AB50B21D8B983977
                                                                                                                                                                          SHA-256:287CAC7868287E4D312F69ABD48B8BA302D58CE890C2C0ED4D124DC4A6969C3B
                                                                                                                                                                          SHA-512:BEE3636943930ECD7CCA15EAE1DCF3CCF1012ED8C1E13CCD0B4FE46135EC9D821BA7CC1228A4341F86818F85FF69E6625886FD1F6AE5F79B333766FC783CD448
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//FCB8F4F8FB73E2B27C7FD72AD5AC853E39BB1264CBE60C947817E8E265C55B9CE77C76F5D3BEA0693D3C283727FA0B23847B9A7CD174F3B7533D4ED9878C8CAB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.449750602929413
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRE7Z/eAtypsRW:pCPR+2cyeBmNEfSU8ZpoXSHV5xw1O2D
                                                                                                                                                                          MD5:3091D3A063743E6FEBEAAB42B85A0DB7
                                                                                                                                                                          SHA1:2A89C2D454D23D0E2CB15CA3E8524C29DFB59304
                                                                                                                                                                          SHA-256:872017EF35CD1A11F77882E025F50B91F5E80ADE678C464C3A88DB285744D090
                                                                                                                                                                          SHA-512:5AA8FF07251A479ADDC0F538CE9FBF5B4A75214072BF008EDA3353CC59AD569A8469933FE6D79273313A216D4CA34A8C78F2F37AF57328B74035E76A4658B582
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//D7DDD596097C38BCEB0D428FF821F99EC672C17DA78CA82818190A332A4A34CC0D8DA11F3ABDCCC4B388E13444AB6E4F3F7EB8B7371E2C135D00DC35DE21CC9E++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.492530568430693
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH/8pmXflwTfbann:CRsyeBmWfV8ZSXSH/pBnn
                                                                                                                                                                          MD5:BF7900147A827F07120DAF5B5B98734B
                                                                                                                                                                          SHA1:AF92B2F400CDFA17BF6CFA00A84B2B30DC1085C1
                                                                                                                                                                          SHA-256:E0995DE32214F75522586622DDF7F7555EE0733266D7B59603C82EBEE04B07CA
                                                                                                                                                                          SHA-512:B72188F30E381332F5248E03161C411A29D36155586D3F74D3738936A9A5424F832B6697F62D4CCCA1009A2C24341ED99089E975AECE982C2063559F34D34105
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//74EB87A572168350886A4402BAF30706D52251A02D350BB88DFCE57137F9F41ACABBE056EB94FAE308606C845930EADF1B68B396070E96BB86A52C669E11A4D1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                          Entropy (8bit):5.487688196631357
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHrpT+S32YwKO:CRsyeBmWfV8ZSXSHh+S32Ye
                                                                                                                                                                          MD5:9BAAC7F78864EF3593D6102291016028
                                                                                                                                                                          SHA1:347A5AFBF7B14A46ECADE34515F18A8D04BEC100
                                                                                                                                                                          SHA-256:B0D898CA87EDDCC009CF0F28B70E5264236536E7ABDBE2B16EF97A12DD6F66DC
                                                                                                                                                                          SHA-512:FA9FB05A7B188B04656D387486366F5382313FD2DBEE66287FC28D790F0EC3AF13B3D304A6431053BFD02364B8107D455B46F63C6F24570C206CD1D5759DFB2E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//83ADBEB9D45332DF7BF514453B957B6917B346DBAA0DAD3454E02359A289C1E9A797B83FFEE21184837400E309739B56228E4EBFB428610B63A367BD37E76904++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):716
                                                                                                                                                                          Entropy (8bit):5.6123995105579825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRToEwCWHmlva:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9G
                                                                                                                                                                          MD5:00F4E38B48072F3869B60E0D95C2A9B6
                                                                                                                                                                          SHA1:C8CE5CA8F175008CCBEC78275E757F62FE9C635A
                                                                                                                                                                          SHA-256:C2D22278512E32727CB434EA10F23C86AE9C08CAF0AE4DAB02F02FCB1041BB99
                                                                                                                                                                          SHA-512:64429F44AD0594E529C1C4CE9FFB87981790E67BAAF4CA3E704FE13C2BAE720E602E9ED2D74F3E9664A91EC6B3C1524070137732798EB8B4E830996379C3C16D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7915940C39986F4880E6A2FBC9737543635F5A1D110ED6E3AFFDAFAB149C5AFF1703FFC9466951316626F1FBB58178AEBD100D0078DABFC21D0714D0CEEA119F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):728
                                                                                                                                                                          Entropy (8bit):5.552900854514872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biUvzbkLwT5zxjAHo8wN9wuRTo6NHMxracRckCdXt:7e9SlNLiafLYFv9KO4Z7WIOHo8wN9ZR/
                                                                                                                                                                          MD5:B2C903C076A41A1737DB816018633A98
                                                                                                                                                                          SHA1:FAD0008D1C2D4713239C3D9058685919F656B7AD
                                                                                                                                                                          SHA-256:F525F6EAF3880731B179D85B090C0632DA0D913FC84E5E3F98071AF276259F55
                                                                                                                                                                          SHA-512:95283B3B641A234A122386A6E7D1D8358FD5AC67F1F72262E53B028A5927B12EAF501A2D4E4B45A14014D96CAE69C0E514540CEA80686F1696901E609E14E805
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//514C43E98B794D2AC98CC2A39D1794688A93B8FE872BF50CB063364579F1BEA8C13AEB945A186AC919AC0B33B114C4CDF8877E143AD3B5EDF237023A807AE010++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):695
                                                                                                                                                                          Entropy (8bit):5.549081746702864
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRToEKQw/Fht:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZRQ
                                                                                                                                                                          MD5:D758E0A6DA482AE0EEB46E0B8A65C9CD
                                                                                                                                                                          SHA1:7945EA60F5AFC84819283037B2FF493CB8224C5E
                                                                                                                                                                          SHA-256:14F8DB188A0130B264D3A34D0ADD757FD1BE3C5A5E02E581BC0A9D578F736B87
                                                                                                                                                                          SHA-512:E93EB661D24C40DD2375B521B256EE9F3CAE01868E261B2F4ECA39CF8BE37C7C0120097DAA365B8F5503D0388FA70E8E26E1F795E27E0BA903BC5444FEF2E55E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9F9083EA4FDED455F3A23B016952128F280E9BB91D2498BDFC250400DD82FD928136390AEA869B7A1C014FE3C0760121E9800361A5837B39456C1EDC9746BEF2++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):750
                                                                                                                                                                          Entropy (8bit):5.77117399690753
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRTol6VFB:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9t
                                                                                                                                                                          MD5:1C8FFEDEC34AB60D998C996AC7D55462
                                                                                                                                                                          SHA1:58B78A462590B78A421024E70D4CF89434AA7BC1
                                                                                                                                                                          SHA-256:CBCB9411E7947D6483DF5E05D967C9531AAAA0CA3F233E86994247818540CA5E
                                                                                                                                                                          SHA-512:83A500DDD5064EC74808E28A1544862D47FA42188E0AD57B22E0241529147261DA4AF60017EFF000ADBF88E307A6FA56C78963D73AC9A6B2536E2FD2B9D81D56
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D7F2DA34F1B7920CDF501DA892A6EF4E0F0482D5B374A1842AA59B4D81D84459C21E6F05926E192B86431EBB5037EB33BDA11B0E22308710E9627D7E7BBDD102++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):688
                                                                                                                                                                          Entropy (8bit):5.487912643529434
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRTo/upmkI2uDiSRgC:7e9SlNLiafLYFv9KO4zkCWIoT9ZRRIk8
                                                                                                                                                                          MD5:CC46B4069EB88FCA4183A1802345E488
                                                                                                                                                                          SHA1:06D6CABDCD0E67EBE402C81E12963AA00E04E799
                                                                                                                                                                          SHA-256:ADF2EC9276CD96BAA46E217DCE9586664C7DFFA22986B26596AC985D3E0C3903
                                                                                                                                                                          SHA-512:1DD44483C0ACF7442FE1DAADF0FD3256C1099EBF63265984CEC610F8811CEAE867A1081D8BB8B9B801E08BDE0E8D7E265BA4A36536B0E47FC000E262F23B8848
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//93ECAFC6B6FA905461032E6E8DB4729D2263C0306E689F6F2ED8EBDE9DEEB34B003A93CD10F9DA8B1526F7017FC0F77DFDA6CAA0F0FEE67BE1F16FE012A4EE93++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.5223212774827966
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo2XZwfIuN1gC:7e9SlNLiafrFv9KO40AnWIqgV9ZRFQf
                                                                                                                                                                          MD5:54A4EB2032797DD5698E222029700740
                                                                                                                                                                          SHA1:2F7E07CEB0295F3239CE8F12E8A9D40277CDD301
                                                                                                                                                                          SHA-256:30055D95C0B902C93AA58EDB2743B19D928212C2F7549148E79EFAA99E263BF9
                                                                                                                                                                          SHA-512:C05E874A388172D7CD8921F4C1F9D61AC8F03D0EB53EC4CDB0ECB530461264A948560B949FE6416BEA2077440AA44F0B60F0BB0C19A986F042433E2C141CE8C6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D637B12E35A4ABAF510C98358FC89098EE8C5F537636E86A2E74A59998CBCCEADD062E0D121A282C7F190C2006C9FEF1A0F154606AF95776592B825C8C802D02++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.537604554770778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo6mVa4V9ncmIv:7e9SlNLiafrFv9KO40AnWIqgV9ZR1QfA
                                                                                                                                                                          MD5:AB2324AA7C6A311DC97B36ADA22046CF
                                                                                                                                                                          SHA1:5932FD81A2126A13F7C03910E68744C7F41DE394
                                                                                                                                                                          SHA-256:A7D4654BAE3D149D345A887A7892962793D061C9E755F251A7D19C2F564B939B
                                                                                                                                                                          SHA-512:E538DACA1AED4E6B3273DD1388B7A0FA576CD3ABDF156DCF6C3D816F14B7516711724C77E1C98E2B672981E32558CB7DFE4E4850A634F6C021BFE84BEF1EC267
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1496EF941B55F4BF4FF8C580A2561563C6BC322E226844D8B8F8BACF0FBFDA7F6BA401BFB844DE187768CB4BE50BA3807F79D92D3D499CA70EB86A09479E101D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):694
                                                                                                                                                                          Entropy (8bit):5.5173328903737
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biO6EGbkLwT5zxjAHo88WN9wuRTo8M9DEXW+A29dC:7e9SlNLiafsv9KO43GWIOHo8Z9ZRnS+Q
                                                                                                                                                                          MD5:2EFAA2FE73F61AAA9575F06A7EE25AAA
                                                                                                                                                                          SHA1:28DB2864BC91CFEC0F615800C7C48D0954F8DE61
                                                                                                                                                                          SHA-256:3D65ACAD9615F07267279B3C6EF547C033D37B1F55E9F393BA5F07149BF158ED
                                                                                                                                                                          SHA-512:57D8821F7C5EFA9B630E3CB0A9CFB51E0A1BC81D8FBCECB0595FA2373B3B8AC488717516EDBE4DF07E83D372E73341BD04A3907745D7AB5C08100FE9141B5E67
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "tietosuojaselosteen",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//592438C477D7D5A0FCDE0A4ABEEC1E61160F3ADB96ED593D2336CB7F85A5D7ED20530ED0297802AE44966CA63AEC0B0D86E87CCF49CB09DA32283990C5157737++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):710
                                                                                                                                                                          Entropy (8bit):5.571075904252609
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRToHcONXKvL+u9vFJ:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZR2Y
                                                                                                                                                                          MD5:B1FEF06E6DB7C7840355CFDC9E66DFA9
                                                                                                                                                                          SHA1:1A72F5525215F467F2687052C1C107143BFBC497
                                                                                                                                                                          SHA-256:CA51CECD55303BF09C0F9E0E8285419EED57BB2E457E906FDC06763F1AABE64A
                                                                                                                                                                          SHA-512:0D3A8FC6D51795EBD7116CF30FE7371A01ABAC64D898045EA8BF1E22C975E2E805B9ABF2B51BCD9B12A10CC56941320869E63A818DBAEAA72764010251757171
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E31462AD7B349988780C04B0BC7C8C4421A8A65C2B0267E5BA72FC3F8BB7278C1889AB97283D655440681525FC18608C9BF44C79B9E6B01A384AB197AD90FD4C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):710
                                                                                                                                                                          Entropy (8bit):5.544187033409281
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRTompOE6pzxcgRg:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZRHN
                                                                                                                                                                          MD5:81FF80E529C769AECE9D98592D14A500
                                                                                                                                                                          SHA1:88D9EC34A3852BB8577FDC4ED89AD71A79862F5C
                                                                                                                                                                          SHA-256:98DDF02B185AC2036F8EBBB6ADF9C7B4FA14FC8CA9FBD19B7FFBFEA3770977F4
                                                                                                                                                                          SHA-512:24C932AD5D51E1B014E8BBB5371104884EC3A20530F8D6653F28D6F52F2571A2ACDF70D803EF12FA7D974DD3907632676F0BEBA0CB679D46E46D3AB7B9B3CCE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6272E90B87E22993E4A9C7AFBD1EA5F6E826D3D603124F3F6DA42CB6FD6A7CA04857CE3220935E918503D17C26ED9CE2AD48B2A2C83030EBCF9BE923DD91B71E++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):703
                                                                                                                                                                          Entropy (8bit):5.5270598050887205
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo4jRF4zOAkE4XG0:7e9SlNLiaflv9KO43BoWIVT9ZR774zhK
                                                                                                                                                                          MD5:7AAE3B6206C930CD459C11C26F120447
                                                                                                                                                                          SHA1:9B5AE66FBDE3B0E7AD58C1D69A7DAF40AACEDC67
                                                                                                                                                                          SHA-256:8DCD9C2FB5873BB4F522C9E8209A0CD93242C1B1B47EC53166E2E03355668E1D
                                                                                                                                                                          SHA-512:47977AC2A48626E4500E7E8A84E9843FF2C7CF5CC403AC58629B13D0DFA288BE320A48436332D0AC2FEF97D7959F14BE2DDFBB50FA35516C03070E56A694DDA3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C5921FB8FE54F0C9BADA85486599B32A165D30DEEA2DDBC8609E4045DAA88AD032F6AB1D073C3AEC92DB86343CB0733C39A62CA3F84D756E6E086481CE8F7AAF++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):699
                                                                                                                                                                          Entropy (8bit):5.578115457562142
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRToXaaMM:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvw
                                                                                                                                                                          MD5:BEB5960C719B090AA684968F630B674F
                                                                                                                                                                          SHA1:30F3214BFE12A27A84BDC14446F4F57AF96E46B9
                                                                                                                                                                          SHA-256:3851B97C8DBCFE1A9E85AB1B712E3F4B8388BFD7EC665211C83D66A59C5A8772
                                                                                                                                                                          SHA-512:33E3874AF7AD6186532F1B5EC90156287C3D73837183EE4934D7919AA8A43145DFC6413840782E759E8B65211673AE3A8794DA424EC9B565875CEA709D6AD17F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D63EE19641986D9D825A8C5134A9CE24F11402D1E1B0E33B2454ACB50E4A62EF5E0C8E59D2ABEA7BF41C597CE801D9CE9A00D9E4A4FFA823C7789863F9BE63C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):697
                                                                                                                                                                          Entropy (8bit):5.505876168763784
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNp7mbkLwT5zxjm79wuRToSj0hWSWzpp+8:7e9SlNLiafVv9KO4apKWIo79ZRXPzpg8
                                                                                                                                                                          MD5:A14208DB73B39365C4D6C838776981D9
                                                                                                                                                                          SHA1:FEB20B19EF9C58C6CC10914A9E139ECC617D91A1
                                                                                                                                                                          SHA-256:E13248A02CC9BF468A097DBAFF0BEED57176284BD10E431E4005C525B91C8618
                                                                                                                                                                          SHA-512:53A3E81DB1AD91A64D281AE089C8AB4526873D7A1EBBA27C93146320CB132160EF7441DDECFC715C2F28F5901E74E9B1EC02116C247C287458AE4F7DD5899373
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla Privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9D53CF31538C018BAE126DDA881FFD6C157AD09EBFB4BDBA389AED758E33FCE052A61F8F331AEC363DAE8E19DA957FBD41B0D08A44EBDA2D4CDEC8D669091087++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):808
                                                                                                                                                                          Entropy (8bit):5.7409373263357235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZR6Ued3:K9fLdICdfA49XLAWIOfUHFKdd3
                                                                                                                                                                          MD5:28B7739A421835EB9CD88B6013D4E689
                                                                                                                                                                          SHA1:DCF2CCD130415AC7F2C45E4495AAFC5EC976B058
                                                                                                                                                                          SHA-256:0C69D07D25EADA8203C4207A619F31992E1EC223D9550E645E2780C4BF3C29FA
                                                                                                                                                                          SHA-512:501684FDD4B4569C5BFB7A4F7E4C32B7FD8272E2B4961958F64B03E6B74D5767E19E17133F43A3CE5ED4DD932DE509C96C2D57F53B8C60318F03AE764A86EE0E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//26438DF7DDD1B7091ED260C5751D4A077CA382594D057744E7A18123A105135A5502DE2EC8D32B83E5301B99F1BF5EEC74B00DEF5B1B21DBF4CDBD9CC6109029++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):742
                                                                                                                                                                          Entropy (8bit):5.82878368970307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToa+g/N0u+Ho:7e9Ed13isnfVtv9kc4sWIViQ9ZR2gl4I
                                                                                                                                                                          MD5:53F240755A3E1938272249CCF8BD05D7
                                                                                                                                                                          SHA1:770F628BB772CC9461CF3D234E061EA4D810B119
                                                                                                                                                                          SHA-256:51DCD424DE086E10A9591AB85F830A8F466108F9DBBAA4B47A6DBAFB04BF2986
                                                                                                                                                                          SHA-512:54E1024EFC0B118C78C2406FB7D92E9794A241CBDE0D122957CC2C0C9628B443EE3EB7BEB916C83AD6BA7E8A706BFC8B7A78513119902A867A3728938EDE2A50
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//277BE604E32720DCF4BFF19AAA4CE10DDD8BABD440063659C78111528AE8B9281D266930182575EBEEBD256C8A040C4507A85B56B99FD882D9F3380D6FDEEA77++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):696
                                                                                                                                                                          Entropy (8bit):5.566757432761514
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToQMLVXQQgAe:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRtMA
                                                                                                                                                                          MD5:13FAE2BC4589EEB043806433697F4963
                                                                                                                                                                          SHA1:3D8CFA01762AEE740AA79236BADF9377275C8056
                                                                                                                                                                          SHA-256:F566A0C874B6497D4062F50ED554E5B997E4802E3B38AE70F59ED5787E39ACE9
                                                                                                                                                                          SHA-512:0A9DA7FA70D04D7AB53E4B7965EE8B6985BA1B2F6B2BACDFBEA92958ADAED25DC469BF6CA81B17BB75F53D3F5E39EFC3828984CC2346D1AFA6E6DAD14F364025
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E6C0634EF860473E5E1AC5DB56979665B177B654AF315AE120E64100E5693F76AC7D9890274062266625FE1B3B2BE60A8D8495F7A38F8C8C5EC99648483D6C21++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):746
                                                                                                                                                                          Entropy (8bit):5.619956078029764
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biKGCEnbkLAWB2CT5zxjAHo8CW9AWB2CuRToJI5rcn4:7e9SlNLiafyv9KO4TGCEnWtB26OHo8Cb
                                                                                                                                                                          MD5:92F19DA62297C36C9E535BC5BF8B2F61
                                                                                                                                                                          SHA1:4BACE2C47E227ED1FEA94EF2712745FCC7F17E2D
                                                                                                                                                                          SHA-256:55CA92573C4E375DD2036798B34060BB822CB3B30396806A414539B5BF247474
                                                                                                                                                                          SHA-512:7B8F12E39550B6ED65D50606D4CA8D8D52252D0527FE62538F1653339E3FCD36E16F096391D63A1A0A2FCCA1C210F16D0E79EDC0F66008D3BB0F8F12E20A69A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//85B81632B31DF611B6DB04A1F9D62E994290E36CF52C98D4DBD8811EE052DF144CC11541848F2D1C2C3DB510126DF77205BF71332EE9E5CB31D881E9C857B245++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):709
                                                                                                                                                                          Entropy (8bit):5.575958834672549
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRTo/xumdtLwnVC7dTN3:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRi/
                                                                                                                                                                          MD5:0303083C987D0942CFF17CE9D0027E93
                                                                                                                                                                          SHA1:FF1E0146514A442652002DD534A41046937B5914
                                                                                                                                                                          SHA-256:56188A2ED3326B0860D9CF76D6961CB643FC1A2F93E2FFB4DA2ABC0FF8640116
                                                                                                                                                                          SHA-512:ECC7AB3D3F27CB2383AA8C49F86F6C6BFA1027148997D4F92825D9B730641D214C95C0BE924B71575B1395A61267F34CBA6CF27D13E2F8D9EFDF753E6749C76C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//2B110267F6341264500B29DC41AFD0C0D54141C5440DF4870008641509E32199642C5F03BF1696B79BA1C750119560BDEC726C2E3E852CCC3A6285FD7890EE61++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.549994684984163
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo12WFze9jTXEPvOun:7e9SlNLiafBv9KO40HWIOHo8K9ZR2Mt6
                                                                                                                                                                          MD5:801B89861183733EA35C952F78618985
                                                                                                                                                                          SHA1:E32C18AC6CA2B460C09759604CFC012AA030C03C
                                                                                                                                                                          SHA-256:95115CF18EE1E1A4896B08DBA7F24D012FB1B019215F86EC0FCE99141DEA9EFB
                                                                                                                                                                          SHA-512:3E0654E78080E2B6C5FF461F9DC4F85AD29D19754DD46880E80A4208E134CE2D5B6E449F9AC65592DC2BBDC2B7E44234998F0F7700CFA1E0218851FD5EEF5531
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//38319A37158F74349C56AE780D2FE1EA74369BCF9BF2139B6E7E1F6356EE6BF27E0781B2EC874623B3ACBC61CBD4F20A336E5563F143AC8483FE50230576700A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):5.5619311609747175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4biHfHbkLwT5zxjmkf9wuRToePiIUngpgph8kWhuGCs:7e9SlNLiafBv9KO4ofHWIoK9ZR1BUkvt
                                                                                                                                                                          MD5:0826E1B34CD2718A14E67DB7471FEFF8
                                                                                                                                                                          SHA1:466CF995CD7E7673DF269E4DA917833DECFDEAEF
                                                                                                                                                                          SHA-256:E84BDF8D70A4D9032B2ECD3B2920DFA245E4420A1A05D2681A661D358D6804BB
                                                                                                                                                                          SHA-512:041E3F2164BA3C67A4F306855B59AF7BC516AFCEADD315FFE8E28A573CF2FE2DFD1B8F62A2C509ED85D9D24D95D56EEEB7D22D10A5CA007BF13A24F069089031
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//62715013ADB65289BD1425F49A9D44B5CF85BB826081DA7BECE9C3AE4217243A475EC1084D7F31910504181A52A7F7B35DA37012AB7F3002AE77CF8DF6F40CC2++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):751
                                                                                                                                                                          Entropy (8bit):5.755930371819692
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kf96v9LuO4bi4epiXbkLwT5zxjhKgE9wuRTowy3NvVknWaZpFkWc:7e9SlNLiafUv9KO4sWWISt9ZRmvVknP6
                                                                                                                                                                          MD5:CB17FD8DACE0C83B800F99F280D52A63
                                                                                                                                                                          SHA1:337B214690529E33BA2294A73E957F6D608788B0
                                                                                                                                                                          SHA-256:04271C792B07D7C0AA35385B55D51D3CD95398588C2F45D934775E669BB183AA
                                                                                                                                                                          SHA-512:6C47919977A192326E14B13C58CBF056901B12CC03B4C22B15D299E0D7538F49C21873E0A744E77924492468EA4F7F42FC42DBA610B24872DDEA397AE4539CD8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//88620717E9EE799EB8AA7F2E1760C2014F35B651171979FE060EC65AA5F267F05ADEDAC3569FF2A423984079CA92354D45A0F0554C8443802E3B39E48FEC628D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719
                                                                                                                                                                          Entropy (8bit):5.6102161711105865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToS+Y4nU:7e9SlNLiafNv9KO4uWIOHo8+9ZR8Y4nU
                                                                                                                                                                          MD5:54082BF3A6B20F715D94808EF1951E71
                                                                                                                                                                          SHA1:B338216AA1F573D6F3EE14D26A514C5B9741C3EF
                                                                                                                                                                          SHA-256:C291BC36DF5BED83B96AC1A20B18B1B26A50035BF78B392A87A8205AC3EF169E
                                                                                                                                                                          SHA-512:126630161BD3266CAF11661A20AF0662EAE3263CA0D489CDF1B03796F2C732BABD865A37AE7B143ABD8EFA6AE1CFDD928710F33008058D22E8C153EFD8AF39E6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5624C53BCE8EA93E7C318B6470C5FD2BEA3CDF9448B5D8D70C5A88356E4684C1840F2A24BACB9BB5EC460482E3A6AD71B85856879DC16C66C82BC35A4E3EF13B++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):706
                                                                                                                                                                          Entropy (8bit):5.554327092493012
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToojRkm5e4eRgiX20qdSh:7e9SlNLiaflv9KO4cjWIVT9ZRnfeBg0X
                                                                                                                                                                          MD5:0C9AFEA80408DB59A843AAFA6C0BC23C
                                                                                                                                                                          SHA1:D9BECCE27AC0CC8ABD9DABB30EE7B23618CA7E7F
                                                                                                                                                                          SHA-256:F3ED198C41D3CDA9E9C973CE8C69650A2D66F8A496822AAC76FBBD4B23B779F9
                                                                                                                                                                          SHA-512:34C1977CEABEDA559AAD30E9162D3C4DEBCDD852EB3B79EF137739430479CDD0B6054D56973EECAA13B184596C42CB987DA26ED37D34DF34B7E7C8AF4F35D7CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1A84BCFAB89E78FD65597DBB6DEDC6ECA87B05E1F9B47ABDC62D1AD910BA86893B1F3895942A45176464D7D9FEC7BACF6A8B07D4191E028305DAD41F83806930++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):690
                                                                                                                                                                          Entropy (8bit):5.513710902007872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTofn0mzpNlBFjhoepkhn:7e9SlNLiafLYFv9KO4JGWIof9ZRcn0c+
                                                                                                                                                                          MD5:F70671A24786782017CD814AC6AC72C1
                                                                                                                                                                          SHA1:26F9AC77B1764AD13371B720A92F3A15158BEE40
                                                                                                                                                                          SHA-256:CD852B915D12B12640D3E5197CEB2D464A1B495CB78A3B6680C3F09EAD0ED91E
                                                                                                                                                                          SHA-512:AB57130DC2E669B486BE710A98AC90F37D0C27970EF2CE12D6F1ED2A544103AAD0FD166373A8D76F2E62B8A506233A4FCB5DBFBCCFFE3B4B85D7259E470C4E9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F9E40AAC3AB58D47F27C4E63326E01B8315CDD4E1995A9F361D05DD7B20E79F8EBE2F210A12CF91EBE35A4C492EF923C7A37BEBD67F790E5AA02D49BB75EF0EA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):696
                                                                                                                                                                          Entropy (8bit):5.545555209314935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToq8TMJ81S1oQtZvrgn:7e9SlNLiafGv9KO48QWIuv9ZR3qr
                                                                                                                                                                          MD5:6968161BAA9545B01DDA30AF5FB7A36F
                                                                                                                                                                          SHA1:7E78CE16FE43653B060C217ED37A1CD65C38CD04
                                                                                                                                                                          SHA-256:148E55B8F85C7837B17520E2100AA5C2A8F956FBEACB18E84876F7C12A98C654
                                                                                                                                                                          SHA-512:2B47FD43A6BE7701B6EB24174EEB78251E194EE8764B04F0CF53CB33C063EE08DE6D535C1CD2033FCEBF36309E3797C76139014D4A2EE5773EF076DB6DFF77BD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//8776C33924D3DE44C8ADF4713EB85340482CAC0087E39DAE7CD3D05592F58E39FD4C4D7E36F383819137D5CFB5EEA1E8CE9717243D9763F93875A3834861584A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):719
                                                                                                                                                                          Entropy (8bit):5.935688545805366
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSuKxi7s6kfF6v9bgbi5ywbkLwT5zxjtDYv9wuRTopfLfT7XbP7:7e9uui7s/fsv9bg4ywWIv49ZRufLXbz
                                                                                                                                                                          MD5:80C3F7CF329979756A2483C61FDC94E0
                                                                                                                                                                          SHA1:4D789234D75ACF3E6876C742D7E4B2DB660E15A4
                                                                                                                                                                          SHA-256:77888F083FA21B5CFD2EB5CBE5C6407A7421BB04D76F127F49DD5BD426D1C572
                                                                                                                                                                          SHA-512:4C2C012A7D27C2C0DE54B1650D24AB7C909A871CEFF1410D1E2EB3BC9F8783F8928F812813D970AEA92D7989CF669771B7FFA18431A3132510D4CC459204D81A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "......",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F6E98D5300FA7FAC3CDBD26ECC83D725DB0761530427BCE04CAF85A01F83E6368A59F8EE59AAF5009800F25844EFB5700CEED010C18D0F0F99E2C31715A94B21++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):694
                                                                                                                                                                          Entropy (8bit):5.6689804706681635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToar0jJ5H91/f:7e9SlNLiafsv9KO4d1WIG49ZRhr0jP/f
                                                                                                                                                                          MD5:5BC62AD32578785B4E38CC765AD01B86
                                                                                                                                                                          SHA1:388C382BEDA295EDAA6ED522EFABF3F4F917976C
                                                                                                                                                                          SHA-256:888CB78E02C9F494C4C43B93D35379125379F52DD5EFCB9EF93B985142A2A710
                                                                                                                                                                          SHA-512:4DD4107512C06F65816C0926FA7E35BE8DEF88923C5EC14F3FEF175D579163BF1B8DFD73B3921E684F038B82B6D45D1BF43705F0BAAC266F3FF0EFAF33CAE0C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3BFEE6F1AAA6203888EACD212AA6EA71B5BEE9F5E25B2EBFBF7067F80AE1F91149DA1C89745A5D6C58244D823622DBDAD484EB12F3CCDC2A6A8C7775DA7229D1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3828
                                                                                                                                                                          Entropy (8bit):5.649207863349993
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ElmtVPut9muF9guJVDWtfDUEWP4gU4zTA46AOifPY:ELt9mG9gMVDMfD7VgUeb6Z9
                                                                                                                                                                          MD5:1B10868D37908BD86B7016A29B5F25EE
                                                                                                                                                                          SHA1:C2E4775797236C4D6ADA09ACCA7DF1396A253C6B
                                                                                                                                                                          SHA-256:243269C9EE1A0B2214FBCC4D8B8CC60B19C49DE2391657D61566D94B633DBC8E
                                                                                                                                                                          SHA-512:17790A9419F8C60D7827E7EA0F6F6C2342262A5A0E329FB7646BF7F194C29122A2BF6851F8F3EFDD8B4D592F02AE7A9417C837D0CBDD9AAD490C3016D4B19D99
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.te z.jem o je.t. lep.. zabezpe.en. vyhled.v.n.?",.. TOAST_VARIANT_CHECKLIST: "Ano, chci po restartov.n. zapnout slu.bu Bezpe.n. hled.n..",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Hledat se zabezpe.en.m . ZDARMA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hledat bez ochrany",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechci bezplatnou ochranu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.e webov. ochrana nen. zcela nastavena . aktivujte ji zdarma",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ete nastaven. bezplatn.ho proch.zen. internetu McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chra.te sv. osobn. .daje",.. TOAST_VARIANT_1_INFO: "Proch.zejte web a vyhled.vejte s v.dom.m, .e va.e osobn. .daje jsou chr.n.ny. .ekneme v.m, kter. str.nky jsou bezpe.n. . a kter. mohou b.t nebezpe.n..",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3597
                                                                                                                                                                          Entropy (8bit):5.38823145550783
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:w/A9Lqnt+lLcLvjcU7s1KWfENcDh22BqOQiixQ:etCLovj5AIWfENkBqBy
                                                                                                                                                                          MD5:DFC68793AEBF3814FFC8951F1C9788C6
                                                                                                                                                                          SHA1:E34F45A30A65D8C82389F8BB9E5CE0F9D255DBFD
                                                                                                                                                                          SHA-256:1278F116A2F0E427DFCE371703EDC0E43D866FA6FD05524E6C1FD621B5D13475
                                                                                                                                                                          SHA-512:0A97336896050C8A613F4BBB5623E59D9D39734E4AEF008B6A5A01661D317DA57C6F87012E46225A1581D31F833B181EC7D6840DD3B4038AABC566096843C242
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du tilf.je ekstra s.gebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren.",.. TOAST_VARIANT_BUTTON: "F.rdig",.. TOAST_VARIANT_BUTTON_FREE: "S.g p. sikker vis . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.g uden sikkerhed",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke have gratis beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Din webbeskyttelse er ikke fuldt konfigureret . aktiver den gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "G.r konfigurationen af din gratis McAfee-webbeskyttelse f.rdig",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskyt dine personlige oplysninger",.. TOAST_VARIANT_1_INFO: "Gennemse og s.g, vel vidende at dine personlige oplysninger er beskyttet. Vi fort.ller dig, hvilke websteder der er sikre og hvilke der kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Fjern bekymringen fra

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3722
                                                                                                                                                                          Entropy (8bit):5.3472044793355
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:MO3e8qGlKtiKL/7vdAmPegpo1fkJFfVQz4bLECx8OoEHHyg:xdqGYtj/7vdAjgpSfkJBVQ8bI6Bo6Hyg
                                                                                                                                                                          MD5:0A2ED30C3EECB4CF37765E646CACC6CB
                                                                                                                                                                          SHA1:A12B346BCB761123CD56F7E5C2CCB89EFDEF06CE
                                                                                                                                                                          SHA-256:CC221A68C93F13C53558D2055BDA3FAB80D10F40C90EE51336540032CDB4A260
                                                                                                                                                                          SHA-512:AD7900FEDC2769C1FC137042F5857DA305C8AC5BB13B0C7B2D067B82FA45B2C5B7FE013A26DB4BFE668F947AE2D17309CB94113C955C1DA64C3D16538F5AD1A4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.chten Sie zus.tzlichen Schutz bei Online-Suchen?",.. TOAST_VARIANT_CHECKLIST: "Ja, die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. TOAST_VARIANT_BUTTON: "Fertig",.. TOAST_VARIANT_BUTTON_FREE: "Sicher suchen . KOSTENLOS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ungesch.tzt suchen",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ich m.chte keinen kostenlosen Schutz",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Ihr Web-Schutz ist nicht vollst.ndig eingerichtet . jetzt kostenlos aktivieren",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Schlie.en Sie die Einrichtung des kostenlosen McAfee-Web-Schutzes ab",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Sch.tzen Sie Ihre pers.nlichen Daten",.. TOAST_VARIANT_1_INFO: "Surfen und suchen Sie mit der beruhigenden Gewissheit, dass Ihre Daten sicher sind. Wir zeigen Ihnen, welche Websites sicher sind . und welche nicht.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6107
                                                                                                                                                                          Entropy (8bit):5.0275663208917445
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:3/3ftrYEERsgXRx/+P5BLE27ww5X4e0TSS8bW0u2Ml4:33trhEfXT+P5lrMSS8bEbq
                                                                                                                                                                          MD5:E371C4E4181BB6C48BA1059BAF7F825E
                                                                                                                                                                          SHA1:B65EBD4853A55203D7B2CB4427D0B0E060B0A0EF
                                                                                                                                                                          SHA-256:4E0049A9B211F6E189F266BBB0AA2A535EF1B524A5077BE437C8ECEC67AA2A1D
                                                                                                                                                                          SHA-512:9EB8139A47A6C2D3662ECEE5875E9B0321D08C565D9D607E90BF5DEB2D890ABAE9C87E3141288D6697E1D69FAAA0D786A8347BA11129444473DC6C6CAFD5A873
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... .. .......... ........ ......... ..........;",.. TOAST_VARIANT_CHECKLIST: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. TOAST_VARIANT_BUTTON: ".....",.. TOAST_VARIANT_BUTTON_FREE: "....... ......... . ......",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. ....... .........",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .... ...... .........",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". ........... ... ......... ... ..... ...... ........................ ... .......",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........... .. ....... ... ...... .......... Web ... .. McAfee",.. // Toast varia

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3367
                                                                                                                                                                          Entropy (8bit):5.339447864418538
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KDGTsDGspn5vrfL5mwfPUpGRtBRTyCM0RL+K8KfEKxKxUT4TyALYrkyL0LEtTC6m:XIisJlwrmtBJZM4d9AY4GbJpMlD+R6
                                                                                                                                                                          MD5:D65E21982BE527D20993CD94770C365E
                                                                                                                                                                          SHA1:DCAE25BB116F7E57C2D417D3E6D7D023FEA5C609
                                                                                                                                                                          SHA-256:F8A20862376EB665A3552163ACE561D8FFF208FE3873EA1BE074F8A8416CD9FE
                                                                                                                                                                          SHA-512:F2A00E42497F571643695246417A0A6E115112FD9E04743E9DE7F66F5C73EF17816AC788F6B4580E7F702F234236E499F36E8BAF1DFBCBA00FB75E399D1FFE57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Would you like to add extra search protection?",.. TOAST_VARIANT_CHECKLIST: "Yes, turn on Secure Search after I restart my browser.",.. TOAST_VARIANT_BUTTON: "Done",.. TOAST_VARIANT_BUTTON_FREE: "Search securely . FREE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Search unprotected",.. TOAST_VARIANT_BUTTON_NOT_WANT: "I don.t want free protection",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Your web protection isn.t fully setup.enable it for free",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Finish setting up your free McAfee web protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Safeguard your personal info",.. TOAST_VARIANT_1_INFO: "Browse and search with confidence knowing your personal info is protected. We.ll tell you which sites are safe &mdash; and which could be dangerous.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Take the worry out of the web",.. TOAST_VARIANT_2_INFO: "Browse worry-free k

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3632
                                                                                                                                                                          Entropy (8bit):5.3655626722955745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ks358rLYfTJnrXJm8Up0RtjRoZgeCYSL+VKDKNuKA5K7oUlYZxBOGsdUXc+Kno3U:vRg0tjy4BONb9GEjiGWPc+BIT
                                                                                                                                                                          MD5:7086DB58BEF90E2485362A687B1193E2
                                                                                                                                                                          SHA1:40F7EF9DF1B038E21C2407B2700EECCC770EC715
                                                                                                                                                                          SHA-256:73E3F3A389CB6D68CB8364E22C7ADC14D4B799E935764C0C704D27F3ADB76899
                                                                                                                                                                          SHA-512:A3EF7BC7CC94B67999A85C7127F4E08F53AE3A07D90762DD050E6A2B39670E0EBA32578C3B08068E15E341F630E5E802E63B03AE6AD270B08F79D7003CCE6E0E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Quieres a.adir protecci.n extra en tus b.squedas?",.. TOAST_VARIANT_CHECKLIST: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Buscar de forma segura GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A.n no has terminado de configurar tu protecci.n web: es gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web de McAfee gratis",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te indicaremos qu. sitios web son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Olv.date de los pe

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3652
                                                                                                                                                                          Entropy (8bit):5.368536208302948
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KHJS5wrLYl0ImbIrXJmfUp0RtjvZgPChBxZSLWKJKDuKlZKIUldZxecemv+G0pPN:QskmV0tjvHhHs4Db+XVpIWYcXBMEuaM
                                                                                                                                                                          MD5:C6C6C0D571E7CB6CC5F59B4FCAE365BF
                                                                                                                                                                          SHA1:F31FB42D5B7A12FE26D2DAECEF38474682A2AC45
                                                                                                                                                                          SHA-256:31DBA508B21F883090D05786870C58B4D9699EA1504A08DD91E7C7DE4C17DAE1
                                                                                                                                                                          SHA-512:185777C5FB3B47873306144B669DC68DBD5DF829E7E1EFF7B26153EFA50C3EAD4216D7241A62F730F7E6D056C9A76F8AB37050A916F5F42937C2235C89EC3E0F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Te gustar.a agregar protecci.n de b.squeda adicional?",.. TOAST_VARIANT_CHECKLIST: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Busca de forma segura, GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Tu protecci.n web no est. completamente configurada: habil.tala gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web gratuita de McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te diremos qu. sitios son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Navega por la

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3556
                                                                                                                                                                          Entropy (8bit):5.351456330736935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:dWem9nFXHGetHHST0of6hMJHL5Y+jMp1t3NQh8G6:shXmetHyYof6hMJHLm+jEt3NSU
                                                                                                                                                                          MD5:3E35952F91E14F643ABF2158AC781B8E
                                                                                                                                                                          SHA1:07BE2380AEA1C0C75FEFF727F0EA433B90D57D75
                                                                                                                                                                          SHA-256:2DEA9DBD87C484B89384B3F3C46020E376674C0CB780B04699682E354A647294
                                                                                                                                                                          SHA-512:82C14CE249BF7ED53A7B052A3D4582AA3823D4C3D605FAB4A588E6929615A92B82E6A3BF3AA27EFBCFFA73B2F94C587CDF47099F22840D6662435A453397937B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Haluatko lis.suojausta hauille?",.. TOAST_VARIANT_CHECKLIST: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. TOAST_VARIANT_BUTTON: "Valmis",.. TOAST_VARIANT_BUTTON_FREE: "Hae suojatusti . MAKSUTTA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hae ilman suojausta",.. TOAST_VARIANT_BUTTON_NOT_WANT: "En halua ilmaista suojausta",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Verkkosuojausta ei ole otettu t.ysin k.ytt..n . ota se k.ytt..n maksutta",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Viimeistele McAfeen maksuttoman verkkosuojauksen k.ytt..notto",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Turvaa henkil.kohtaiset tiedot",.. TOAST_VARIANT_1_INFO: "Selaa ja hae huoletta . henkil.kohtaiset tietosi suojataan. Kerromme, mitk. sivustot ovat turvallisia ja miss. voi piill. vaaroja.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Ei huolen h.iv.. verkossa",.. TOAST_VA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3937
                                                                                                                                                                          Entropy (8bit):5.32281826348224
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:a/ScFsBmXt/CuFCNSCAQ9BYYmWJmn9AvwuHAnp/SsQWgXReX:aKOEAt/tFqSpQ9BhrmKYEApKsQA
                                                                                                                                                                          MD5:5E5D7AFF28354B21C5A1E9FF5E5F445F
                                                                                                                                                                          SHA1:1320DE789DBAB278A23B9A220EC6E3021C9DE0E9
                                                                                                                                                                          SHA-256:05F9D8EE834A095D78AEBA4B337DF6E1D2E30930149F6EDC5A4CBCA44DD9CB8F
                                                                                                                                                                          SHA-512:AD3A6168A54ACAD4793A51A0A4B21131994DCC51B3D862E5CFDEB1E38210516A306858BCDB12D55681CB276A68ED3652498E998B1EEF0254C06A4DDB52140A9B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Aimeriez-vous ajouter une protection suppl.mentaire . vos recherches?",.. TOAST_VARIANT_CHECKLIST: "Oui, activez la recherche s.curis.e au red.marrage de mon navigateur.",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Recherche s.curis.e - GRATUIT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Recherche non prot.g.e",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne veux pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas enti.rement configur.e. Activez-la gratuitement.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Compl.tez la configuration de votre protection Web McAfee gratuite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos donn.es personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez avec confiance en sachant que vos donn.es personnelles sont . l'abri. Nous vous indiquerons quels sites sont s.rs et ceux qui pr.sentent un danger."

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4024
                                                                                                                                                                          Entropy (8bit):5.3193359368658095
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:b34FUJtSNXfN0SPAuWXhC00ZmnfQR9SujAnV3Jym4b:bQMtkWS4umSmoCgAVab
                                                                                                                                                                          MD5:A1892E90594E3605834BEC1E7931CF1D
                                                                                                                                                                          SHA1:F6098342968B92E3F300BDFA8A723BA6908671FE
                                                                                                                                                                          SHA-256:57D605C9A444A6EE90DC8BEE5D0B33E010E0F259576BFAD4546B09DD8C0AD4F1
                                                                                                                                                                          SHA-512:3E7E10ECC980BC07613B9C4A9B35D4D3C61BD16E00F71D25D8ED996F583EF03EDDB1524CF9A3AC5D88A2BC228197DA70F5293DF7F4780BD494B9C1C0A5E4F580
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Souhaitez-vous ajouter une protection de recherche suppl.mentaire.?",.. TOAST_VARIANT_CHECKLIST: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Rechercher de fa.on s.curis.e . GRATUITEMENT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Rechercher sans protection",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne souhaite pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas totalement configur.e. Activez-la gratuitement",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Terminez la configuration de votre protection Web gratuite McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos informations personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez en toute confiance en sachant que vos informations personnelles sont prot.g.es. Nous vous indiquerons quels sont les sites s.c

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3635
                                                                                                                                                                          Entropy (8bit):5.451457989016017
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ajcHGot9qU8FSKd49nVVtx5B9Psk+20fm0F:zBt9z8Fjd493txz/L0fmU
                                                                                                                                                                          MD5:635A8B7F820BB0D938227C1D4EAB0281
                                                                                                                                                                          SHA1:E7C3AEB1FEE9E598DE081EDD47BF0C81C5C9DF82
                                                                                                                                                                          SHA-256:C148F624285950E8B4B1984735624DE878F8BFE122A01954B21F45CBD0804679
                                                                                                                                                                          SHA-512:A7699FA0FBDCD0B17E1F88999E45E01AFCECFE9EAAD973D8F1341A37445B2439D856BF7C1E801AA69DC82D66D36448C3D3BD0DE23E41208D91E175EE711B95D4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodati dodatnu za.titu pri pretra.ivanju?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.ite Safe Search nakon .to ponovno pokrenem preglednik.",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Tra.ite sigurno - BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretra.ivanje neza.ti.eno",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a web za.tita nije u potpunosti postavljena - omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavljanje besplatne McAfee web za.tite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Za.titite osobne podatke",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte s povjerenjem znaju.i da su va.i osobni podaci za.ti.eni. Re.i .emo vam koje su web lokacije sigurne & mdash; a koje bi mogle biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3828
                                                                                                                                                                          Entropy (8bit):5.519316831709829
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KQpmKkwbL+sDfLlUpxKRtIC0vCGNAgc+LP+K5LK3TRKwJKV54QUQQ99P1s+l2cSl:6QtdTBPqw3Tg/UgbCx+lN4Dg
                                                                                                                                                                          MD5:96E295A9F114204E890862271C63D880
                                                                                                                                                                          SHA1:6878B3AE55F0949F06AC8DF45831CDC551826B24
                                                                                                                                                                          SHA-256:AFCFA1C8DD34E600C3258226C78FADDC260DE7187BECE3F04AA3110615E5459A
                                                                                                                                                                          SHA-512:19F84EE8BBD7D996684496B0B0333987280C0172FDD20A1A7523595DB734A73551A8BFBABBD508B0BA209D0A2AD0081480BCE410FE6C11D15DD23CC618062E3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Extra keres.si v.delemre is sz.ks.ge van?",.. TOAST_VARIANT_CHECKLIST: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tom a b.ng.sz.t.",.. TOAST_VARIANT_BUTTON: "K.sz",.. TOAST_VARIANT_BUTTON_FREE: "Keressen biztons.gosan . INGYEN",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Nem v.dett keres.s",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nem szeretn.k ingyenes v.delmet",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webes v.delme nincs teljesen be.ll.tva . kapcsolja be ingyenesen",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Befejezte az ingyenes McAfee webes v.delem be.ll.t.s.t",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Szem.lyes adatok v.delme",.. TOAST_VARIANT_1_INFO: "Magabiztosan b.ng.szhet, hiszen szem.lyes adatai biztons.gban vannak. Megmondjuk, hogy mely oldalak biztons.gosak, .s melyek lehetnek vesz.lyesek.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3548
                                                                                                                                                                          Entropy (8bit):5.225354583301116
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:9xj3zLp7tpe0ddA4Pxt9Qmcnq1qYENfDI/0DEufz3:T17tpe0sQxt9QZ+qHY0xfz3
                                                                                                                                                                          MD5:C699BE946595D5570117C65EFC33D351
                                                                                                                                                                          SHA1:2AD5115FBC1C3B6D21575004BD044F4D3FECBAA3
                                                                                                                                                                          SHA-256:4D56FD1B919C62545A20051E60B3B7CBBD6714948DCAFEFB3A91FF4823B5ADEA
                                                                                                                                                                          SHA-512:EBE4B83924023ADFDB56AD456FD77B119FB1DFBC9FE2171CB4B338AE72425DFD73EBC034F8BE9A9CF95145307BF80170877350EF4C766FA7EEF41BC896642E5D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vuoi aumentare la protezione delle ricerche?",.. TOAST_VARIANT_CHECKLIST: "S., attiva la ricerca sicura dopo il riavvio del browser.",.. TOAST_VARIANT_BUTTON: "Fine",.. TOAST_VARIANT_BUTTON_FREE: "Ricerca sicura . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ricerca senza protezione",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Non desidero la protezione gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "La protezione Web non . configurata completamente. Attivala gratis.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Completa la configurazione di McAfee Web Protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Tutela le tue informazioni personali",.. TOAST_VARIANT_1_INFO: "Naviga e cerca senza timore sapendo che le tue informazioni personali sono protette. Ti segnaleremo i siti sicuri e quelli che potrebbero essere pericolosi.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Naviga sul Web in tutta tranquillit.",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3960
                                                                                                                                                                          Entropy (8bit):6.013797513205256
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:6hHMKEaeQVt4/aWso3rOx4mc2JYtwhnoIZH7ShZ0:YB5ztO57Ox4mJ8Eogmv0
                                                                                                                                                                          MD5:40C99A285789A907E8BEF19FB7B52C28
                                                                                                                                                                          SHA1:91FCBE513966FE10F78BE3D6DD8AA870788D7ECC
                                                                                                                                                                          SHA-256:EC8238149FBDA3CA54C7C2220E992D19347387AFDE2B798062D218754ABFB87A
                                                                                                                                                                          SHA-512:25B20C459978D9F30DA84564038F5FB2497196CA3C50DEC649B71CFAFDD878B95DAACF7934A79A216D7BBA248AD95B6D8F532DC805A3132BEDE8F5C0913ED7C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: ".................. ...........",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "..... - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..........",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web ...................................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........ Web ...................",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "............",.. TOAST_VARIANT_1_INFO: "..................................................",.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3783
                                                                                                                                                                          Entropy (8bit):5.9318006777716
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KwNX9/6gkTR6wtUp7RtlvCI/Lg7KoR/+KNM2KHK4Uq0RxIZr1ZNpiL8s/cCM7R+W:P26Ft8+W/rNIqxmQlbe6qX7
                                                                                                                                                                          MD5:D1F82AA54D8927A5408E7F40A522959A
                                                                                                                                                                          SHA1:C515FF839390EB21E564ECA95F28B0638F1D22AF
                                                                                                                                                                          SHA-256:323724ADD81E31420FFEF259F0D55830A48EDE568829254AB4AC076102A689C4
                                                                                                                                                                          SHA-512:252CF1BDF3890420BA59B56C8FFA9D7CCA6D75304F8E8B8FBDCA82638CFB76AEB6527A9C9D38A526248604D74AD28F84E6DC0952AC97BF34085155F005C2BAE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".. .. ... ........?",.. TOAST_VARIANT_CHECKLIST: "., . ..... .. ... . .. ... .......",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "... .. - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. .. ..",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".. ... .... ....",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". .. ... .... ...... ... ........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".. McAfee . .. ... ......",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".. ... ......",.. TOAST_VARIANT_1_INFO: ".. ... .... .... .... ....... ... .... ... . .. .... .......",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3599
                                                                                                                                                                          Entropy (8bit):5.366390217230944
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:wMQx7teYFyZ8K3XdIcJK10kNeso2bMUaMZiBdiPQ:8teYFyZ8K3N9E10kNtoYMUaMZo
                                                                                                                                                                          MD5:B6779C95B817DDA4E330B888D069BF45
                                                                                                                                                                          SHA1:98C7C2F7F92447FB366EFA9AE083204F37466AA8
                                                                                                                                                                          SHA-256:9C1F0ED884D7047FFA694C48DB200939B3692EE1D2BF635DEEE6AFD44CE7AF0D
                                                                                                                                                                          SHA-512:6ADFE8FCB5CF891EC81D88E9087BB88A38F5BD23950B446F48B06766F24AA29A6ACEC9529E37966ECE99C19FA839600A920662B6F4B91FFF935B1A65CCF925F3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du ha ekstra s.kebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. TOAST_VARIANT_BUTTON: "Ferdig",.. TOAST_VARIANT_BUTTON_FREE: "S.k sikkert . KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.k uten beskyttelse",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke ha kostnadsfri beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Nettbeskyttelsen din er ikke ferdig konfigurert . aktiver den kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Konfigurer resten av nettbeskyttelsen din fra McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskytt personopplysningene dine",.. TOAST_VARIANT_1_INFO: "Du kan surfe og s.ke uten bekymringer i visshet om at personopplysningene dine er beskyttet. Vi forteller deg hvilke omr.der som er sikre og hvilke som kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Slipp . beky

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3539
                                                                                                                                                                          Entropy (8bit):5.3233739834300255
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:WupCvikhC0tR356VrLrVHgKFteK5/AhK/pxFoD4QkH2:WupCvikbt9AVrLrVHhuk/AhK/pxOD4Qr
                                                                                                                                                                          MD5:3265D24F7B970691AE283AA43AA82D38
                                                                                                                                                                          SHA1:44A6DCD5CDC1850B588854B867EDB3B7A6A9F2DB
                                                                                                                                                                          SHA-256:390661E5979CC2481DDA85BBBBCC35D90C9E4FA5A3DD0F6AB18A7F824237A244
                                                                                                                                                                          SHA-512:18D4C45393F35C584F8C07E7FB023CC55C44C4B65B206DF3872704230D96EFF59B610472692E664A075D77ADDD86EE46CE431300513C1AA0A72ACD04E59E677B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Wilt u aanvullende zoekbescherming toevoegen?",.. TOAST_VARIANT_CHECKLIST: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. TOAST_VARIANT_BUTTON: "Gereed",.. TOAST_VARIANT_BUTTON_FREE: "Veilig zoeken . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Onbeschermd zoeken",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ik wil geen gratis bescherming",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Uw webbescherming is nog niet volledig geconfigureerd. Schakel uw bescherming gratis in.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uw gratis McAfee-webbescherming instellen",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Bescherm uw persoonlijke gegevens",.. TOAST_VARIANT_1_INFO: "Browse en zoek vol vertrouwen in de wetenschap dat uw persoonlijke gegevens worden beschermd. We laten u weten welke websites veilig zijn, en welke mogelijk niet.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Zorgeloos browsen",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3618
                                                                                                                                                                          Entropy (8bit):5.593202969337174
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:QrIqKLAst649Gs63IcBPevJwh8i8iiQlacMrIMXkIxL:QcHtn9/pcBPevJwh8i8iiQlacMcMVF
                                                                                                                                                                          MD5:B2EF550A2B6B891FC4885EDC053196ED
                                                                                                                                                                          SHA1:DCF3E630E1FEEF0F3EBD207FCAA54954C32D3271
                                                                                                                                                                          SHA-256:58BD78EE577D8A7C3DB8B7E4D3FDB88A362F192C1F9230CAA14DECEE5C981663
                                                                                                                                                                          SHA-512:77AD4D35C0D99F0901123E8B8B4E03ED7C35452FC127073ABBCCA625DA6C3017C0513A2C1F11F7F0132C018D423548C6A20212F434B90B346103D9E60532150F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcesz zwi.kszy. bezpiecze.stwo wyszukiwania?",.. TOAST_VARIANT_CHECKLIST: "Tak, w..cz Bezpieczne wyszukiwanie po ponownym uruchomieniu przegl.darki.",.. TOAST_VARIANT_BUTTON: "Gotowe",.. TOAST_VARIANT_BUTTON_FREE: "Wyszukuj bezpiecznie . BEZP.ATNIE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Wyszukuj bez ochrony",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nie chc. bezp.atnej ochrony",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Twoja ochrona w sieci Web nie jest do ko.ca skonfigurowana . w..cz j. bezp.atnie",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uko.cz konfiguracj. bezp.atnej ochrony sieciowej McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chro. swoje dane osobowe",.. TOAST_VARIANT_1_INFO: "Spokojnie wyszukuj i przegl.daj, wiedz.c, .e Twoje dane osobowe s. chronione. Powiemy Ci, kt.re witryny s. bezpieczne, a kt.re nie.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Spokojnie korzyst

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3738
                                                                                                                                                                          Entropy (8bit):5.341816172018693
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KpaRlEpnKqfJuUuRwyUptRtbVaKjJOhCf+L7UKkKwKfK6TU0kPVdq54420uUFLtO:w3HtvJxfqFZC/tdHLwjL7+
                                                                                                                                                                          MD5:76F46CD2B966706F21093AA71A1A8EF5
                                                                                                                                                                          SHA1:BCE9512FDC8257AE0AB1D367A453DA4B5D8B9193
                                                                                                                                                                          SHA-256:A7488A665B0498C299063FA3BC97E99523E91FEEC72E6598072210FEEE03998F
                                                                                                                                                                          SHA-512:AED61176AF728CFEA03C90FD795114C2402ED8C6818DD3CC9128370C1EA1AE9FC45D8E34D2127E9806ABF41AC5F2BF65E8DB66F6384063E0D8C3FAA03F06EDFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Voc. gostaria de adicionar prote..o de pesquisa extra?",.. TOAST_VARIANT_CHECKLIST: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquise com seguran.a GRATUITAMENTE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisa n.o protegida",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Eu n.o quero prote..o gr.tis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Sua prote..o na Web n.o est. totalmente configurada. Ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Conclua a configura..o da prote..o gratuita da Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com confian.a, sabendo que suas informa..es pessoais est.o protegidas. Informaremos quais sites s.o seguros . e quais podem ser perigosos.",.. // Toast variant 2 specific.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3683
                                                                                                                                                                          Entropy (8bit):5.333373479671786
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KVFTplRl0d61FB0yUpDRtbVaK6HOd0TZeC5p30BL7UKkKHKMKFTUBk30aB5qyQOc:GE3ttmud03zEPFqtvEezHWNd62
                                                                                                                                                                          MD5:507B9571E311F50013920017D26891B7
                                                                                                                                                                          SHA1:8F66344D4870A95D6558EB91EE894CCE2C560633
                                                                                                                                                                          SHA-256:5E7798ADC4AB204D50ECF6984AFA3285E3E795066A5A95BB3369171199059C86
                                                                                                                                                                          SHA-512:8B0760E09F14391DF1E4B32782CA8FED55108729FD04FB9256FA16F1383C05C5C669B3E69E18EC6DA2CA7AFE2E661CEC9D9E5F643605022842E35C2D77CC925E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Pretende adicionar prote..o de pesquisa suplementar?",.. TOAST_VARIANT_CHECKLIST: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquisar em seguran.a . GR.TIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisar sem prote..o",.. TOAST_VARIANT_BUTTON_NOT_WANT: "N.o quero prote..o gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A sua prote..o Web n.o est. conclu.da: ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termine a configura..o da sua prote..o Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja as suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com a confian.a de que as suas informa..es pessoais est.o protegidas. Vamos indicar-lhe que sites s.o seguros e os que podem ser perigosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Deixe

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5374
                                                                                                                                                                          Entropy (8bit):5.134747831277087
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:/Li+T0t5WKRmY8vzQedwpNv473IdQ/NtRk3:f0t5Dl8vzQex7DNPU
                                                                                                                                                                          MD5:6AC6EA6256C064FAE13981FA508E046D
                                                                                                                                                                          SHA1:97AB6B196AB4DEBA93EA779BE7E0F0C9CC19D4BB
                                                                                                                                                                          SHA-256:82AE1DA37D5BBA6BE06FE96F45B521E2140BE6D714AF1188C2E393BCA664E063
                                                                                                                                                                          SHA-512:6A4067E422B3F11317DFFE8F224AB3FB4399F0A3CE53E0822CF433DDBA260F4CE90BD90F65669A44B536DC02B9FFE8BD68BCDEA127743AFA348B4246DBBDC214
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... ........ .............. ...... ......?",.. TOAST_VARIANT_CHECKLIST: ".., ........ .......... ..... ..... ........... .........",.. TOAST_VARIANT_BUTTON: "......",.. TOAST_VARIANT_BUTTON_FREE: ".......... ..... . .........",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..... .. .......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .. ..... .......... ......",.. TOAST_VARIANT_TITLE_NOT_SETUP: ".... ...-...... ......... .. ......... . ........ .. .........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "......... ......... .......... ...-...... McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........ .... ...... ..........",.. TOAST_VARIANT_1_INFO:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3752
                                                                                                                                                                          Entropy (8bit):5.646352630188663
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:G/v3lJ6qJt9g29MgiL+tBjYE7+R8LB0HDDx+UHnFn:G3l4At9g29MnL+tpYE7o8LB0Xx+GFn
                                                                                                                                                                          MD5:391A2E6DD3E758834DF894E83A12EBF8
                                                                                                                                                                          SHA1:0CF94794984AA8C1B21014D812719EB5D677FAB2
                                                                                                                                                                          SHA-256:535322F326167CB53DB5E7F9DD0FF3E2A92AFD140105A210B0F3BEAC0E49BCA9
                                                                                                                                                                          SHA-512:6492C0523193497F1284A9084C2DF32E60C54985E1B86F9BBEEA8872525E85CAE16868E85CA461A5D792AE3CECA269A214B191A9D461E5B0D5019EA094681FC8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcete zv..i. zabezpe.enie vyh.ad.vania na internete?",.. TOAST_VARIANT_CHECKLIST: ".no, zapn.. zabezpe.en. vyh.ad.vanie po re.tarte prehliada.a.",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Vyh.ad.va. so zabezpe.en.m . ZADARMO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Vyh.ad.vanie nie je chr.nen.",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechcem ochranu zadarmo",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webov. ochrana nie je .plne nastaven. . aktivujte ju zadarmo",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ite nastavenie webovej ochrany od McAfee zadarmo",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chr..te svoje osobn. .daje",.. TOAST_VARIANT_1_INFO: "Preh.ad.vajte web a.vyh.ad.vajte inform.cie bez ob.v v.aka ochrane osobn.ch .dajov. Uk..eme v.m, ktor. lokality s. bezpe.n. a.na ktor.ch hroz. nebezpe.enstvo.",.. // Toast variant 2 specific.. TO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.445792953663574
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5541sqXt9UFE+s49f8cQq5gAWFLrf9UQbb:5Yt9UFq49LQqyfFvOQbb
                                                                                                                                                                          MD5:4BF1A45DD0062D14B5E73AA77D5E4264
                                                                                                                                                                          SHA1:3DAEB57E91EE1520654627AEEC3656F7346D2886
                                                                                                                                                                          SHA-256:624ACB70E6C4387F96BD5A39B74A146AC9400795398168817362D3E15792B556
                                                                                                                                                                          SHA-512:AF5AD3754806776B378EE00F14360E4339B475CC90952541765C35517399F1DCE43E2E42D15AEDBE8306E08ED74E7135F3ECAD9895C6890E82464FB7774EF9DF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodatnu za.titu pretrage?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.i Secure Search nakon .to ponovo pokrenem pregleda..",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Pretra.ujte bezbedno . BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretraga nije za.ti.ena",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a za.tita na internetu nije u potpunosti postavljena.omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavku va.e McAfee za.tite na internetu",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".titite li.ne informacije",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte bez brige znaju.i da su vam li.ne informacije za.ti.ene. Re.i .emo vam koje lokacije su bezbedne . a koje mogu biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite brigu sa veba"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3492
                                                                                                                                                                          Entropy (8bit):5.431086625606851
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KaGqWQzrHqWU7B10Up8LRtXbY8ACXGiLuKcUCLK6LKVKo9U31Ta920FLlpx/TV56:B6CtsQ2klVdM5+9npxU2oBZvOGj
                                                                                                                                                                          MD5:70B8C274779F7889BD6A8AFF5E18D565
                                                                                                                                                                          SHA1:820BD74BFBD9D238B22FB259C265827F872CFB87
                                                                                                                                                                          SHA-256:C7C2FF04AC3C5904F54FB52B50CABC1C8F35E37C2B66427CCAE2E8F56D8614BE
                                                                                                                                                                          SHA-512:C0FD21AD75E602E725A334227760475DC02294770758861A1445A8CE9294C0A76A01D5C6B9122FF37C3A6C8AB260150D9495850996DDC849D93A2E5B399BAECD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vill du l.gga till extra s.kskydd?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. TOAST_VARIANT_BUTTON: "Klart",.. TOAST_VARIANT_BUTTON_FREE: "S.k s.kert - KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Oskyddad s.kning",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jag vill inte ha kostnadsfritt skydd",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Inst.llningen av ditt webbskydd .r inte fullbordat - aktivera det kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Fullborda inst.llningen av ditt McAfee-webbskydd",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Skydda din personliga information",.. TOAST_VARIANT_1_INFO: "Surfa och s.k tryggt i vetskap om att din personliga information .r skyddad. Vi ber.ttar vilka webbplatser som .r s.kra . och vilka som kan vara farliga.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Surfa p. n.tet utan oro",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3702
                                                                                                                                                                          Entropy (8bit):5.50838372099097
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:K2rafAlFLhKpoLQHdPUpI5LRtHyderOYC3LCyrsgLLsnLKIlIKfLKb3LKyjqMURs:CCIbtSgyGyouKx+bG/dDeFfQ3t16h8E
                                                                                                                                                                          MD5:7271EB48AC8670DCFB2660DFE70AFFB7
                                                                                                                                                                          SHA1:E43A98848A809F9378A2B2ADCB40886A5ECA27D5
                                                                                                                                                                          SHA-256:1E28229CF8C4EBF3BB6D878EDCE4C0E20BF80308F8153F1BF324C0AFDB98A4FE
                                                                                                                                                                          SHA-512:A7DCB170713CBCD66FD31D1E8E6D5C571A11CB246DCB3603CE234DF1A9F3FF07DEF5A1339AC2C96639F6024D69B02313BFD07E6343B6BA0D90C5E1438E2E8E77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Ekstra arama korumas. eklemek ister misiniz?",.. TOAST_VARIANT_CHECKLIST: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. TOAST_VARIANT_BUTTON: "Bitti",.. TOAST_VARIANT_BUTTON_FREE: "G.venli arama yap.n - .CRETS.Z",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Korunmadan arama yap.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".cretsiz koruma istemiyorum",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web koruman.z tam kurulmam.., .cretsiz etkinle.tirin",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".cretsiz McAfee web koruma kurulumunuzu tamamlay.n",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Ki.isel bilgilerinizi koruyun",.. TOAST_VARIANT_1_INFO: "Ki.isel bilgilerinizin korundu.unu bilerek g.venle gezinin ve arama yap.n. Hangi sitelerin g.venli, hangilerinin tehlikeli olabilece.ini size s.yleyece.iz.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Endi.eleri webten uzak tutun",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3220
                                                                                                                                                                          Entropy (8bit):6.3278451090740155
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KpV0YrIr3BkaxUpYNRtt5K2dCaLQzKeKGBKHlKCQUDlFJ5g68a1MzflHS/+xKAYq:aS9KotKvaLJ8CJFPl8aSwXNtl43ec
                                                                                                                                                                          MD5:D3F97BFDCE355DDE0CF1F3553D16BE65
                                                                                                                                                                          SHA1:29042AABB6ECA8DD6ACC3813FA43731490F5D5E6
                                                                                                                                                                          SHA-256:B309E8FEE0E568DE9999166FA80166C043EA11275CF9E668969653A50F072838
                                                                                                                                                                          SHA-512:2DA5402CE577B7F3CDB3CC15FA39977C204BB1C4D6B3CAB66F4FE225B760F630CC589665C056C0FDD6F7A83371C88A63B19FE25AAD43AE68B1A6D44EAE6FC9AE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...........",.. TOAST_VARIANT_CHECKLIST: "................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "...................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".............",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: ".................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "......",.. TOAST_VARIANT_2_INFO: ".........................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3309
                                                                                                                                                                          Entropy (8bit):6.333278042576984
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:LjGwO6t6wKA44s2xr92kwcK8jtUuhSSmSK:tt6wc4s2xrskwc3U6SS/K
                                                                                                                                                                          MD5:35EBE25CC3A2E5DB8F8BCDC7F40F5AF7
                                                                                                                                                                          SHA1:0750AFD4587645E7A27EA892101D88EF4AC82329
                                                                                                                                                                          SHA-256:A46AF7AF0A79C5262FF095245702E882129D76E97C2BCF64C922F4DDD460EB55
                                                                                                                                                                          SHA-512:7B98F0549487364DC8D354C035B5B52C63C207DE915A8F26EA8887DAFD612F16DC8496F066E368DB332FD32A984437DF85860C0431A0645C9727B7E5AE3221AC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: "...................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ....",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".............",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "..... Web ...........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "..... McAfee Web .....",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: "................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: ".......",.. TOAST_VARIANT_2_INFO: "..........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2317
                                                                                                                                                                          Entropy (8bit):5.724232664480202
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvSUqYRSK+R28Y2zgJsQqpq/83qkj6B9nw4RJtlzJMO90:C6UnSKOY2zegB6Dn3Me0
                                                                                                                                                                          MD5:8FBFC0B500D0BC4EFE3EC1A966E1085C
                                                                                                                                                                          SHA1:8BD7E8CB64DF6CA9FA4136177617BE7F0BEFEE70
                                                                                                                                                                          SHA-256:563443189E2D314696BA333452D09EBA24AF779A3B54CC59B2051EE1E7AA5D3F
                                                                                                                                                                          SHA-512:8E690D9BD250E2BDD6BEF345A60547EA1A7BBC90FA667F6865B5C6F3CCED50AE4E9B74EBF5F68F242529203AB7655C58F7D003097705597A20556307F184ED71
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.te k dispozici dal.. mo.nosti ochrany",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Vy... ochrana je p.ipravena",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Vy... ochrana je vypnuta",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Tyto funkce vy... ochrany v.m zajist. v.t.. bezpe.. online. Zapn.te je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.e je nastaveno! Kdy. p...t. znovu spust.te prohl..e., budete moci s jistotou vyhled.vat pomoc. funkce Bezpe.n. hled.n. McAfee, kter. v.m uk..e, kter. str.nky lze bezpe.n. nav.t.vit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Je vypnut., proto.e bylo zak.z.no nebo odebr.no roz...en. pro hled.n., kter. je sou..st. vy... ochrany. Z.skejte tyto funkce zp.t.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2319
                                                                                                                                                                          Entropy (8bit):5.421754373500763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvJjkjVsFprf0Ksd4Ajfm0p4TS4Zudo0xTn:Ctk5Ux3Ajfme4TSjxTn
                                                                                                                                                                          MD5:034A852A7AFFC3EF7DBDCED3254C3778
                                                                                                                                                                          SHA1:870E0006CF102E9DDAF9042AE551346C5DD8CAF1
                                                                                                                                                                          SHA-256:030D2160B2884238A9F1043DC7DBBD15D603F62E2F49C10A258F76B915FB64C4
                                                                                                                                                                          SHA-512:5F4A8D4CFFE613CC64FE45A606AF50D09F36F14B9864923A24183070CC354C0E7AD803F19AF3B6AAF724CD0326C044D9792B71BD1FF3AAE7E4A0A486AEC81705
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har flere beskyttelsesmuligheder",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er aktiveret",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er deaktiveret",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse ekstra beskyttelsesfunktioner forbedrer din onlinesikkerhed. Sl. dem til.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt er parat. N.ste gang, du starter browseren, kan du surfe p. internettet i sikkerhed, fordi McAfee sikker s.gning viser dig, hvilke websteder det er sikkert at bes.ge.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funktionen er deaktiveret, fordi s.geudvidelsen, der er en del af den ekstra sikkerhedspakke, er sl.et fra eller er blevet fjernet. F. disse funktioner tilbage nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sikker s.gning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser dig, hvilke websteder d

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2382
                                                                                                                                                                          Entropy (8bit):5.446769832572551
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvzhxfTyDKyA7h3CFycAOFsxEclSgHcFhXo09:C1xfeDS3CT2IrTXoi
                                                                                                                                                                          MD5:F3F4A62E48EB00A428DCE99AAB56426E
                                                                                                                                                                          SHA1:C5075EF807FB5F4C9B7D106DDBE13068074ABA3F
                                                                                                                                                                          SHA-256:1C4A14BCFA12486607EC885B49C66B88180295A20F613F7F2F3715B0FB9F2E79
                                                                                                                                                                          SHA-512:F84088D8F7DA40D4F41F5559FBB8111D1945AACC8A26B2E07F2302E51BB4CB375E394BEAB100FECA5229B01B3B1C94D063A23BCE5CB69E197F840E6F66C5C68D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Es sind weitere Schutzfunktionen verf.gbar",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zus.tzlicher Schutz wartet auf Sie",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zus.tzlicher Schutz ist deaktiviert",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Mit diesen Funktionen des zus.tzlichen Schutzes sind Sie online besser gesch.tzt. Aktivieren Sie sie.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alle eingerichtet! Wenn Sie das n.chste Mal Ihren Browser .ffnen, sollten Sie die sichere Suche von McAfee nutzen, um in Ihren Suchergebnissen zu sehen, welche Websites sicher sind.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Sie ist derzeit nicht verf.gbar, da die Sucherweiterung, die eine Komponente des zus.tzlichen Schutzes ist, deaktiviert oder entfernt wurde. Aktivieren Sie diese Funktionen jetzt wieder.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sichere Suche", .. SEARC

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3630
                                                                                                                                                                          Entropy (8bit):5.084257425787037
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CNwyIyaSMAwsC38BDAeuDFKed0uHpUjF0:CNuzDAAmtuJlDpUS
                                                                                                                                                                          MD5:0D24410CF5B30B902325CC2FC0D81A35
                                                                                                                                                                          SHA1:F2277D2512CD12B8AAB40A37D945B16E3029B4F7
                                                                                                                                                                          SHA-256:2CA59554DC742F0AAA6D7DA6790D63963751D5177F32634D7B207D2CB507290C
                                                                                                                                                                          SHA-512:E70CF3F294F1B459DDD6526F354E6884A19D6B019451A6DBE34FFD5CB31DACE9695C90E664AFE5B562ED1AF4359AFF6884744780D5B646CD96C15C9CB965456B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "..... ........... ......... .........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ". ........ ......... ..... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ". ........ ......... ..... ................",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "..... .. ........... ......... .......... ... ....... ... ........ online. ............. ... ............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .......! ... ....... .... ... .. .............. .. ......... .......... ..., ......... ........... .. ..... .. ... ...... ......... McAfee ... ... ....... ..... .....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2039
                                                                                                                                                                          Entropy (8bit):5.454774830011741
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Cv45dlzloc0Zvdr05DJMtWXS7bJ3sLEISktCRHJ:CKHzloLZ25DJMtiUW4NkML
                                                                                                                                                                          MD5:15A864FD05C99B179425837A13C4CBE0
                                                                                                                                                                          SHA1:EE95A3F34014E21B93BE7E6E3862EE99611D5B39
                                                                                                                                                                          SHA-256:A0D9E7F74A3C0FFFCC2DAB33E2D65D634D5BEE10BB5C324E36C40475FBF8C9CA
                                                                                                                                                                          SHA-512:68FC08552E65B82F877589CCB772EC86B0277081F4A21C9CE55DEABCC8D188DCCB2B4AF59E5DB5AC6053EA7D9DD408B5E4D6030A315585CF697C5013D7C92CC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "You have more protection available",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Added Protection is ready",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Added Protection is off",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "These Added Protection features keep you safer online. Turn them on.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "All set! The next time you restart your browser, search confidently with McAfee Secure Search showing you which sites are safe to visit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "It's off because the search extension that's part of Added Protection was disabled or removed. Get these features back now.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} shows you which sites are safe before you visit them.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Ad Blocker", .. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2325
                                                                                                                                                                          Entropy (8bit):5.427575417384713
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdgk9mBAPBQdBFXyUzwXFoI1mfCzZA8hmUA1ov8KJMfePnEW4dpaPVFk4/3PD:Cv7MkYFXTzGFoIEWPyovzQArVZGLIAgh
                                                                                                                                                                          MD5:B519B450222241C6A0601353CC10AABA
                                                                                                                                                                          SHA1:836433CE93A836B5DCA03BA58AF0B105D6FED78E
                                                                                                                                                                          SHA-256:3D1D0075BFEE0F425D78329DD03C12DB39E4D9EEDD19415D255BBD656E7BC60B
                                                                                                                                                                          SHA-512:C3E68EF44D59BB81951EB037B178FCA15A6301D324396CAFDBDB56B68A83E45314DC3C8318D5FC900892A79298FD01E485BF4412984542F3AA722E96660AD402
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puede disfrutar de m.s protecci.n",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protecci.n a.adida est. activada",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protecci.n a.adida est. desactivada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funciones de Protecci.n a.adida le mantienen a salvo en Internet. Act.velas.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Ya est. todo configurado. La pr.xima vez que reinicie su navegador, tendr. la tranquilidad de saber qu. sitios web son seguros gracias a la B.squeda segura de McAfee.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda incluida en la Protecci.n activa est. desactivada o se ha eliminado. Vuelva a activar estas funciones ahora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} le muestra q

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2241
                                                                                                                                                                          Entropy (8bit):5.4587498644754175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdgWQIvN6tKQtqWmwUV5mOZzZCB4vhmUwRKJhZfeT5gAdFqdVtBcwKHvcJi94:CvlQIjWZKTZ8Kp6c0jqrtqvEIU3
                                                                                                                                                                          MD5:5F2DD39BAE6409010449EBA3F028DA7C
                                                                                                                                                                          SHA1:442432AD15E77776A44CF557C4C3B397141ABEB9
                                                                                                                                                                          SHA-256:19873840D8D3FAC6D4CBC3624378C5850704A85FA0475883E1A50ECB131E6650
                                                                                                                                                                          SHA-512:AB73D271CDA2CD94667CBD7B37A26303CB59EB9EEBFFCEE30C232F59434A75454F154AD273E2047CD05C99EC66E0DCB0338546C31BF357AE609DCF1592796B2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tiene m.s protecci.n disponible",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Protecci.n adicional est. listo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Protecci.n adicional est. desactivado",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas caracter.sticas de Protecci.n adicional lo mantienen seguro en l.nea Act.velas",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".Todo listo! La pr.xima vez que reinicie su navegador busque con confianza ya que B.squeda segura de McAfee le mostrar. cu.les sitios son seguros para visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda que es parte de Protecci.n adicional fue inhabilitada o eliminada. Recupere esas funciones ya mismo",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} muestra qu. sitios son seguros ant

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2246
                                                                                                                                                                          Entropy (8bit):5.418192884712719
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdgGvLPUQPmMdzpP5x4bICHA4fEOGVGd1Pwsx7LmNhI+a6soNxawi9dySBx74:CvXlmMd9m6mdFwWrZ6kxuFrCQeNQ
                                                                                                                                                                          MD5:7579677AE9F8F2336BAF326735569F81
                                                                                                                                                                          SHA1:FF6B16BE83B94E74410FC80C63D0843383BFF6D0
                                                                                                                                                                          SHA-256:AA0DC11B2EFEAE5A32399F52E5DB42B4B8A07D332C29F132C42E33CFDB6C93E5
                                                                                                                                                                          SHA-512:86EDB2E70DB3245399AADF449CF79015D381CB22B57F267FCBB33CB8EFEAFF03033DC49071F34D828B54F55399509CF87788A25B052B53E277158C246E23B6EA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Lis.. suojausta saatavana",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Lis.suojaus on valmis",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Lis.suojaus on poissa k.yt.st.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "N.ill. lis.suojausominaisuuksilla pysyt paremmin turvassa verkossa. Ota ne k.ytt..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Kaikki on valmista. Kun ensi kerralla k.ynnist.t selaimen uudelleen, voit tehd. hakuja turvallisin mielin McAfeen suojatulla haulla, joka n.ytt.. vaarattomat sivustot.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Se on poissa k.yt.st. siksi, ett. lis.suojaukseen kuuluva hakulaajennus oli poissa k.yt.st. tai se poistettiin. Hanki ominaisuudet heti takaisin.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfeen suojattu haku", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} n.ytt.., mitk. sivustot ovat vaarattomia ennen

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2413
                                                                                                                                                                          Entropy (8bit):5.4551318322529045
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvmQM4M92AhLMdlzu5ZHl0l1nD2qqhhUq:C+W42AhLmlzu5BkJyqCV
                                                                                                                                                                          MD5:3273690404BBDBBF2689E7BAF956D827
                                                                                                                                                                          SHA1:3A8C6C6D74B75F860CCADE4B19A53A7475B2DBC8
                                                                                                                                                                          SHA-256:68FE7B0E79443C8D982B2DC52E9B9C25292CEA579E2EB3B407D9171CEC2EC46D
                                                                                                                                                                          SHA-512:0E20B1324F39FAE3EBA994BEEF3C5FB30E80B1D19406C17FA0B9C556E7740D9AC36EAA4B8A2EA99507C836E9003BF79587672A587ED8DA3DCBFCF06F70C845FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Plus de protection disponible pour vous",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protection accrue est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protection accrue est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctions de protection accrue vous apportent plus de s.curit. en ligne. Les activer.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Pr.t! La prochaine fois que vous lancez votre navigateur, parcourez le Web en toute qui.tude pendant que la fonction de recherche s.curis.e McAfee vous indique les sites dignes de confiance.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Cette fonction n'est pas activ.e car l'extension de recherche qui fait partie de la protection accrue a .t. d.sactiv.e ou supprim.e. R.tablir ces fonctions maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_ADBLOC

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2494
                                                                                                                                                                          Entropy (8bit):5.43753803112721
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvqwGuHF9o9/EuB8u5J5AxHaaydCPjPXnbch:CSwGeY/EuB8u5olydCPrbK
                                                                                                                                                                          MD5:13CBA9B83E6EFA161D75727DF200180E
                                                                                                                                                                          SHA1:B2811B7661A2340AAB559FA0E478C360AA499977
                                                                                                                                                                          SHA-256:92A78F8512A48A9C48BBFC851101CAB367180892F0B98724463FBB98122BCCE4
                                                                                                                                                                          SHA-512:84C2FB055BA88C6B0331A37DE8B8661CE7EBE04B1448E7AE2A0C8FD8BCC7E5EB92DF5EDD050E2FA9076DD507FD1BF52535CF008E2E0A5B02602A61942098D4CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Vous avez d'autres protections disponibles",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protection renforc.e est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protection renforc.e est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctionnalit.s de Protection avanc.e assurent votre s.curit. en ligne. Activez-les.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Vous .tes pr.t.! La prochaine fois que vous red.marrez votre navigateur, vous pourrez effectuer des recherches en toute confiance . l'aide de la Recherche s.curis.e McAfee, qui indique les sites que vous pouvez consulter en toute s.curit..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Elle est d.sactiv.e car l'extension de recherche qui fait partie de la Protection renforc.e a .t. d.sactiv.e ou supprim.e. R.cup.rez ces fonctionnalit.s maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2273
                                                                                                                                                                          Entropy (8bit):5.530360206154129
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvIoaSjp60i4X476LRiouHFshwFZcBqeOzT:CAejbVA8RcHFsh0yqeA
                                                                                                                                                                          MD5:1B410752E8CDEB1343ED2406A08B9D0E
                                                                                                                                                                          SHA1:E7DFF0CE68B129DE2DE50DCE20F05450B1D5B6C0
                                                                                                                                                                          SHA-256:69000E655ED5329D01F0F2C299EC51A0FC2DAAC5B9E3CE2EE9830185F9659769
                                                                                                                                                                          SHA-512:49F704BD64D9990723D50F6C25245D1175FCB36C624F5492C97E1B0CE530C483C694A63F08846276CA2C54AA45A5D6D4DD33D431BE6F1253D06806CFAE3EDCBD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dostupna vam je ve.a za.tita",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcionalnosti dodatne za.tite .ine vas sigurnijim online. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Sljede.i put kada ponovo pokrenete svoj preglednik, samouvjereno pretra.ujte uz McAfee Secure Search koji .e vam pokazati koje je stranice sigurno posjetiti.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.eno je jer je pro.irenje pretra.ivanja koje je dio Dodane za.tite onemogu.eno ili uklonjeno. Vratite ove zna.ajke sada.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} vam pokazuje koje stranice su sigurne prije nego ih posjetite.",.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2388
                                                                                                                                                                          Entropy (8bit):5.626397646753971
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvtCmH9aqAIDT5WSSWp7IpKwYnZmT+FLepwiV3l+MW:CFCmHMVIqtYY+BWGMW
                                                                                                                                                                          MD5:E30CC8500AD87568C691A364F78EECBA
                                                                                                                                                                          SHA1:F136DD6557D69578C6120D6379239B283824B61A
                                                                                                                                                                          SHA-256:DDB352B8333DE60947356150E70E45EC17064AA2A906183345FE2393AE39AFBF
                                                                                                                                                                          SHA-512:EC5C92CD8BEB4F7FFFC690074E09C46EC85F51C8F607B2A203678F626E910F2F8C9F5B3A3123610E8E0430FE438AFE3DA0A8A765CEC293C81DF4A4E877A0DAB5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.g hat.konyabb v.delem .rhet. el",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A tov.bbi v.delem k.szen .ll",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A tov.bbi v.delem ki van kapcsolva",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "A tov.bbi v.delmi funkci.k m.g nagyobb biztons.got ny.jtanak online. Kapcsolja be .ket.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Minden k.szen .ll. A b.ng.sz. k.vetkez. elind.t.sakor magabiztosan kereshet a biztons.gos keres.s funkci. r.v.n, amely megmutatja, hogy mely webhelyeket keresheti fel biztons.gosan.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ki van kapcsolva, mert a tov.bbi v.delem r.sz.t k.pez. keres.s b.v.tm.ny le lett tiltva vagy el lett t.vol.tva. Vegye ig.nybe .jb.l ezeket a funkci.kat.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_ADBLOCK_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2180
                                                                                                                                                                          Entropy (8bit):5.430870827158706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvlUzrFEVioJofWr5HsJcxnyhXpwfJwTRraIiLG/J:CpVioJoerVsJWylSm4Ig0
                                                                                                                                                                          MD5:5D8598F2201E45B9968CE8A89748048A
                                                                                                                                                                          SHA1:B250DF2841FF5539739BB8AA7ED2E3D0DD173652
                                                                                                                                                                          SHA-256:646BCC9EA896F1839F2D2FF0CDDDC84E13CF386AEB4D8CBF7A55825D024153B4
                                                                                                                                                                          SHA-512:258CE89EB60E5F8622ABD2EA6B3FB4F66148EA1CE0846725EECFA0B3DB8F239B5052F43C27AB04B9433104E074BEA59153C282C0EC9A73B12D6FDC862E4F76F3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puoi aumentare la protezione",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protezione aggiuntiva . pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protezione aggiuntiva . disattivata",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Queste funzionalit. di protezione aggiuntiva aumentano la tua sicurezza online. Attivale.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tutto pronto. La prossima volta che avvierai il browser, la ricerca sicura McAfee ti mostrer. i siti sicuri da visitare.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ". disattivata perch. l'estensione per la ricerca che fa parte della sicurezza aggiuntiva . disattivata o . stata rimossa. Riattiva subito queste funzionalit..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Ricerca sicura McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ti mostra i siti sicuri prima di visitarli.",.. SEARCH_TOAST_ADBLOCK_BULL

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2689
                                                                                                                                                                          Entropy (8bit):5.783492922423992
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CDihdOhGELq02HhMyCYaYPuMLmeStoN5PcvhvD8vsOgah:CDihdsjz2BMRNkmTgg5wRgah
                                                                                                                                                                          MD5:4BED5D33E177BDA09929FBDD72EA51DD
                                                                                                                                                                          SHA1:2AF0721F2D2792C6C556313AF9D05B53F976560A
                                                                                                                                                                          SHA-256:3D400ACB69A7B7ECA3EAD276C21EFE3F6F696C89895AEE57379823C7C332C87D
                                                                                                                                                                          SHA-512:6263770A13E14F21021C918B9CD0BA27D72269FC9AB8E4CEF40D7D714EAD5C8FBE0175F5208E1A7B932831642F8F0608CFD96583E3BCE3997762610A6DA45065
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_ADBLOCK_HEADING: "..............",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "............",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "...............",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................... .............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".......... ....................... .... ....................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................. ...........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2396
                                                                                                                                                                          Entropy (8bit):5.90958145143297
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOVLgXlf/klv04CjUXktjHaQLKOudpQVg/xFSQXmYQgpyyqK4wQNqDhOnwIju2O:C8FJUXy6XlbSvYi3wiQ2O
                                                                                                                                                                          MD5:C96049216F6CF6DD9C07B87211553581
                                                                                                                                                                          SHA1:870E75BD0CAB8F15ACCB40CF2F53D6A28975BB6A
                                                                                                                                                                          SHA-256:51E2F7E5A5FCFA12C0B536ED4B8F5382C13661992D2F6844E771BCDA4FC993FC
                                                                                                                                                                          SHA-512:943095D8F02D7567B75D5B243D993B295FBCDE8AF6C1B233AA15CA08110FB7E6C5483149EBDF750FAFAC29E8A2A54142E77E12496FB0B297F05CF1B572C2EDA2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_ADBLOCK_HEADING: "... ... . ....",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".. ... ... . ....",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".. ... .. ....",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .. .. .... ... ... ... ..... ... ....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".. ........ ... ..... .. .... McAfee .. ... .... ... .... ..... .... ... . .....",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".. ... ... .. ... .... .. .... .. ... ... . ..... ... ... .. ......",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee .. ..", .. SEARCH_TOAST

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2170
                                                                                                                                                                          Entropy (8bit):5.4514491250427435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvJIksPYZC/uu6YZJN5QsKYmOArOhR/QExYkR2S:ChI1Y0/u3YYsGKrYS7
                                                                                                                                                                          MD5:BB18F9BC97B5745E3C01D856D596071A
                                                                                                                                                                          SHA1:01FA3741217B0A9180EC9C18DB48FB44F705791A
                                                                                                                                                                          SHA-256:1DE722273E719DA415E21D398F0C4720A2B0EE1CE7E08C0BC5328CBAE6C5C694
                                                                                                                                                                          SHA-512:525305A69E08AF263330D8CDE5594C91B849D9A4884BE1A31A1FC82E1D0456F6B44CF1911EB93409ACEAB6AE1330322C88FDFF30F7C65BE2D5B641B6BF7B52A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Flere beskyttelsesfunksjoner tilgjengelig",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er klart",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse funksjonene i Ekstra beskyttelse holder deg sikrere p. nettet. Sl. dem p..",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt klart! Neste gang du starter nettleseren, kan du trygt s.ke med McAfee Sikkert s.k. Funksjonen viser deg hvilke omr.der som er sikre.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Den er av fordi s.keutvidelsen som er en del av Ekstra beskyttelse, er deaktivert eller fjernet. F. tilbake disse funksjonene n..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sikkert s.k", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser deg hvilke omr.der som er sikre, f.r du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2216
                                                                                                                                                                          Entropy (8bit):5.445156491013825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvKJpceq6RTcyrCBuH1ibZ/Pp93MK64kFUq5EpvnSWA8i:CQSN6Roy8uHwZHpi34TqmpqW1i
                                                                                                                                                                          MD5:FC49ED40CB38256B5A7CBE1F0C4B2202
                                                                                                                                                                          SHA1:498A72B88F985C16F27F8F364133B095BE714D43
                                                                                                                                                                          SHA-256:46FCA5BFF9AFC70ADD46917F5E2912D7788BF06231B80C7D8A0A756032520A4D
                                                                                                                                                                          SHA-512:F6131A864EEE2F067F23960DD756E1BA1CFC63245C8BF50835E0994A389D1EA82EFA614EE69040C32D586CF3D0F7EC1E7BCB020F23472F7FB5E237A4BE1D9AB4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "U kunt over meer bescherming beschikken",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Extra bescherming is gereed",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Extra bescherming is uitgeschakeld",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "De functies voor Extra bescherming verbeteren uw online veiligheid. Schakel ze in.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klaar! Wanneer u uw browser opnieuw start, kunt u zorgeloos zoeken met Beveiligd zoeken van McAfee dat u precies laat zien welke sites u veilig kunt openen.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Het is uitgeschakeld omdat de zoekextensie die deel uitmaakt van Extra bescherming, is uitgeschakeld of verwijderd. Schakel deze functies nu opnieuw in.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} laat u zien welke sites veilig zijn voordat u ze bezo

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2289
                                                                                                                                                                          Entropy (8bit):5.686524926637267
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Cv4058MjlxcXI9qWiXgwsIvE8QK0tKWhEZ0JILHVI16sSIIRXCVmO:CQ01jCI9qXXLsIvE8Q5K+EOgVIEsSFX2
                                                                                                                                                                          MD5:4E9C8EBB617AEFA754BB752550446493
                                                                                                                                                                          SHA1:2576650CD564A5B1B1FB07F878B67B265A21312E
                                                                                                                                                                          SHA-256:7774036B9B221F424A7504AD1098A1B448CF4469CC295BAA5133EE511AC078A2
                                                                                                                                                                          SHA-512:BE70D312829A074BB81D2D1289C8C87482D18FDD553948922998AAD412CF14974865552005483C4538DD172BB8D235BA44A4E9423C22F0230ED74361691012F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dost.pne jest wi.cej ochrony",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatkowa ochrona jest gotowa",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatkowa ochrona jest wy..czona",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Funkcje Dodatkowej ochrony pomagaj. chroni. Ci. w Internecie. W..cz je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Konfiguracja zako.czona! Po nast.pnym ponownym uruchomieniu przegl.darki, Bezpieczne wyszukiwanie McAfee pomo.e spokojnie wyszukiwa., informuj.c o bezpiecznych witrynach.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Jest wy..czone, poniewa. rozszerzenie wyszukiwania b.d.ce cz..ci. Dodatkowej ochrony zosta.o wy..czone lub usuni.te. Odzyskaj teraz te funkcje.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje, kt.re witryny s. bezpieczne,

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2225
                                                                                                                                                                          Entropy (8bit):5.478804103947096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvVVlKrZ/ez2L3dpZszSJEufUo7G+Dz0I:CNq62LizsUoCaD
                                                                                                                                                                          MD5:BE1565B167CA665AF9DA89F2C99C6050
                                                                                                                                                                          SHA1:91D77D275A806BD2CD948C6B7F946C970CAC6556
                                                                                                                                                                          SHA-256:C3D3598C8B7A700D33665D64B15B01BDD44A1CD2AD6579861B67223021CF8571
                                                                                                                                                                          SHA-512:AF92ABE944E3DB088F4BFCE3E8959F3A20A5061E13E0E8BE68AD3023369766145AA7F1C675A20BF82975C4DEE24EAD14F4683FFF67A0771B66B7C41F4BD303B3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Voc. tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Esses recursos de Prote..o adicional o mant.m em seguran.a online. Ative-os.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tudo pronto! Na pr.xima vez que reiniciar seu navegador, pesquise com a Pesquisa segura da McAfee que exibe os sites seguros de visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Desativado porque a extens.o de pesquisa que . parte da Prote..o adicional foi desativada ou removida. Traga esses recursos de volta imediatamente.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra quais sites s.o seguros antes de voc. visit.-los.",.. SEARC

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2324
                                                                                                                                                                          Entropy (8bit):5.473262216183594
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvOb9fKjnZdVrzzHUUFZeEi351TgV4/QbG9Ddzw:CWJmZTLUUFZgLQiTzw
                                                                                                                                                                          MD5:3AFD031732AA78F7BAB6E1214D420900
                                                                                                                                                                          SHA1:9E1EB0CE1D9A8833FCE6869724EC356E53C16369
                                                                                                                                                                          SHA-256:B7BBB3ECF66EF27C200D02057A369802E0AC2A149F791C783B32EBFF0B246861
                                                                                                                                                                          SHA-512:ED8BE2C8DF3C6BD33EB1931FAA9F43C6866E1F707FC90BA44C3DC6C0B1E598FB52B8F899A02C5E2D7466E973586E6FA750F280D87C40BED406F9D4DCD7494EE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funcionalidades de prote..o adicionais mant.m-no seguro online. Ative-as.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Est. pronto! A pr.xima vez que reiniciar o seu browser, pesquise com confian.a com a Pesquisa segura da McAfee a mostrar-lhe que sites pode visitar em seguran.a.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desativada porque a extens.o de pesquisa que faz parte da prote..o adicional foi desativada ou removida. Obter estas funcionalidades novamente agora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra-lhe os sites que s.o seguro

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3288
                                                                                                                                                                          Entropy (8bit):5.143824214783734
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:COrsBqgVZBkBuYVCdpLVREi4c1rTZPNiNbdD1P:CCsBqgVZiuYV8pLV16hV
                                                                                                                                                                          MD5:DDD046C06FEC8646E05300BDB004A799
                                                                                                                                                                          SHA1:58F0669910C890ECE44C3B739939675E48DACD7E
                                                                                                                                                                          SHA-256:F486043DC3C4CAE1C518FA434E0A89E4CF0E18FC73B7DC432DD61AC5BB92F629
                                                                                                                                                                          SHA-512:39A11A7C19273CA753418240C0D1C73CBE8DFC808C96E0F4546066C33455D65D551136B4D0FBFC4C78A8B442FEF9BCBBDB312F16753E947B9EF68CB7930F099C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ". ... .... ...... ............ ... ......",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".............. ...... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".............. ...... .........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .............. ....... ...... ............ ............ . .......... ........ ...",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "... ......! . ......... ... ..... ............ ........ ......... ..... . ....... ....... ........... ...... McAfee, ....... ........., ..... ...-..... ......... ... ..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADIN

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2276
                                                                                                                                                                          Entropy (8bit):5.7622122869733
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdg0FQ8YIcT3JOzrgffdIxL8EHbgnDHKXldVV/aVcFUC7wQi0o0ekfSanwINx:CvW8zM6pE2VDVGc377SI/xzF1
                                                                                                                                                                          MD5:E16F194FFDA6AB76D2D868046FB2F2B8
                                                                                                                                                                          SHA1:E0E1B13814F8FB44B310B334F5572AC756DBB2BC
                                                                                                                                                                          SHA-256:5E15279D70F7C588A90FAA6389BAAD0D34C1F8604C9CCAB074A6DF5E9D4B8156
                                                                                                                                                                          SHA-512:34DF75A842BA4BDA5B2E89FD5B9B307E89661502CB7956E15FCBD395DC6EC6DA069D73151D19824202B221708F9C13FB4839384E6D399698F1952103D03C9267
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Pon.kame v.m viac funkci. na ochranu",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zv..en. ochrana je k.dispoz.cii",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zv..en. ochrana je vypnut.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Uveden. funkcie zv..enej ochrany v.s ochra.uj. online. Zapnite ich.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.etko je nastaven.. Po re.tartovan. prehliada.a v.s zabezpe.en. vyh.ad.vanie McAfee ochr.ni pri prehliadan. a.zobraz. str.nky, ktor. je bezpe.n. nav.t.vi..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funkcia je vypnut., lebo roz..renie vyh.ad.vania, ktor. je s..as.ou zv..enej ochrany, bolo vypnut. alebo odstr.nen.. Z.skajte tieto funkcie sp...",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} v.m porad., ktor

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2217
                                                                                                                                                                          Entropy (8bit):5.532907790773258
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvzaSNcoHl5A0Pt0opbUbFpGbQg55EfVLssM:C5NH5AatiFpNMc4sM
                                                                                                                                                                          MD5:B225B3E84906A0A5B8454B9CC16403E5
                                                                                                                                                                          SHA1:F2FE84A206A0B63DF3C53EC5440CB9A51C532DB4
                                                                                                                                                                          SHA-256:3E1B25C92A7094643954D22E7C7299B76A5D636BC4EFDC6AE16C0C852EC620ED
                                                                                                                                                                          SHA-512:CFFF68546E00A7EBEC7B737CCB6091E2CCC1F0A1EBB03F1E2407E75AF90D8A396FB296F32F6FEC6959755F021ED2C8E5C6BCF12F7C5D116CF450988B0850660A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Imate na raspolaganju vi.e za.tite",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcije Dodatne za.tite .ine vas bezbednijim na mre.i. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Slede.i put kad budete ponovo pokrenuli svoj pregleda., pretra.ujte sa samopouzdanjem uz McAfee Bezbednom pretragom koja vam pokazuje koje lokacije su bezbedne za pose.ivanje.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.ena je jer je ekstenzija pretrage koja je deo Dodatne za.tite onemogu.ena ili uklonjena. Vratite odmah ove funkcije.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje vam koje lokacije su bezbedne pre nego .to i

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2111
                                                                                                                                                                          Entropy (8bit):5.531940800460125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdggWQRZC50gO/GNxNteo7XH8QU/OC8Q5zuVJAlbGF5ON1y8mJbc3NU7nfv1Q:Cvg5Lf7jC1iVJkbJ1YJbYChTR+N
                                                                                                                                                                          MD5:3403610FDAC61B972ED43C219F22F672
                                                                                                                                                                          SHA1:DEE8ECDAABE38D9C88714F3082E0C32307834863
                                                                                                                                                                          SHA-256:55BC9A5B80F0D0608F5596A37FDA04F1C75AFCD7B92A3C05FFE73BDB55409BF0
                                                                                                                                                                          SHA-512:7BD79D1ACA466FB3040B9EDB563B279CD48C1667C920B0324DDF86F2DDFD1374BA8071A5F537DF0133D14E6B59E258F5E4492B4066D6B4945DE536290E928EDC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har mer skydd tillg.ngligt",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ut.kat skydd .r redo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ut.kat skydd .r av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ut.kat skydd-funktionerna h.ller dig s.krare online. Aktivera dem.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klart! N.sta g.ng du startar om webbl.saren kan du s.ka tryggt d. McAfee s.ker s.kning visar dig vilka webbsidor som .r s.kra att bes.ka.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Det .r av eftersom s.ktill.gget som .r del av Ut.kat skydd inaktiverades eller togs bort. F. tillbaka funktionerna nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee s.ker s.kning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} visar dig vilka webbsidor som .r s.kra innan du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Annonsblockering", .. SEARC

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2206
                                                                                                                                                                          Entropy (8bit):5.572151998283136
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdg/UOH95vCfoXiRvLa/sGcdDSqi+2O1ebxZQ25BMblR/B2sK3SZ/Z9vKlmCO:CvSG/GoSqi+Z7bQspvKG68dd30nUv
                                                                                                                                                                          MD5:A2BF5A99464327D8C6CB893F6C439EEB
                                                                                                                                                                          SHA1:07B8E11224358434B69A9517C87AAB4560CDBF7D
                                                                                                                                                                          SHA-256:1FC51E901832EE6C1570A9D9167FF7C14C016996BA019C100434F87A2BAC474C
                                                                                                                                                                          SHA-512:ACACA98D1F2CD472822C9478AF83DDEFED8D49B16AC88EAF9ACE7D543354AEC45725B2926BAEE0EA4687A74107D27B12855E6A3574E6E3E5E4608EB42643E9A9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Daha fazla koruma se.ene.ine sahipsiniz",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ek Koruma haz.r",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ek Koruma kapal.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ek Koruma .zellikleri sizi .evrimi.i korur. Hepsini a..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Her .ey haz.r! Taray.c.n.z. bir sonraki ba.lat...n.zda, hangi sitelerin ziyaret edilebilece.ini g.steren McAfee Secure Search ile g.venle arama yap.n.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ek Koruma'n.n bir par.as. olan arama uzant.s. devre d... b.rak.ld... veya kald.r.ld... i.in kapal.. Bu .zellikleri hemen geri al.n.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ziyaret etmeden .nce hangi sitelerin g.venli oldu.unu g.sterir.",.. SEARCH_TOAST_ADBLOCK_BU

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2043
                                                                                                                                                                          Entropy (8bit):6.252788266367725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOZgVstn8dWjt8EWNjtM7LLyllJtjEcjt/dcz58qNAMdstxjl7BnwIj86+HXJJH:CjBt/wppKWMGzRl9d+3CjTQb
                                                                                                                                                                          MD5:136E335FFFF5C09C8D45F3AC2DCCCCA2
                                                                                                                                                                          SHA1:E678FDB546E8DEF80C4669A03359185766707BFA
                                                                                                                                                                          SHA-256:57D566D0D6C5322BD4B3AE3E32E43A81048142D127FBF638A0668807EF211CFD
                                                                                                                                                                          SHA-512:55EF7E5F7103D08F055163C4EC7462D025393D473F69A2171FC03979F474C0280CA28945FBB5582E5E48748F1529214380ADACF89C2861BBBFF095919A445145
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_ADBLOCK_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "...................... .....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "........................ ...........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: ".......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: ".......{0} ..........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_2

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2123
                                                                                                                                                                          Entropy (8bit):6.278958296554494
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:CvaX+Mm6t8MZoD+KKtSr5FlITWiyViRXixEfUMu:CCX+Mm6WcCKWQi4SxEMMu
                                                                                                                                                                          MD5:6086CC3903036253F01AF24FDEE7C53A
                                                                                                                                                                          SHA1:CA0CA223E2C748EF97FC55CB0CC0C470CE068522
                                                                                                                                                                          SHA-256:06869E709D71E852F90DB62AC5D72DEF614B6B7862ADCB5A80C4E61A351DA04B
                                                                                                                                                                          SHA-512:03C892A4839C3B09F7A790FA889AA73938C4C52B95B500D43024C6818CBC81DE0B4A5EA840265D8445722CAE04FD89A0E2C0DA133D71DE2A730B5BE07E1106A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".......",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "................McAfee ..............................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee ....", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0}.......................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):908
                                                                                                                                                                          Entropy (8bit):5.688820613029769
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HUDAS6FXOqZG1g4zBFU+K6IPHf7q4qtoxnuBaY2MUKmbt:7HbzFOKGy16IPTq47uqbt
                                                                                                                                                                          MD5:25600BAE80F5CB75634E66D438A3ED87
                                                                                                                                                                          SHA1:A6BD998A6F8BC4228AB739D30118E587FCEF229A
                                                                                                                                                                          SHA-256:4D9275A965EA4DB4423AFD61F15BBCF892A16B841039C49CDBC4C2C2E7137992
                                                                                                                                                                          SHA-512:52741F63385F776C8393DC7ABE4B931D48E95FB4882020A343D4FD68F363F7C71FE3CBBE22A4459E25F3A9A8923CE175A0FC86550CAF97E7160BC23208B9B4C0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. prov.d.n.ho pomoc. vyhled.va.e Bing upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete vyhled.va. Bing doplnit o slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_SUB_FOOTER: "Po restartov.n. prohl..e.e zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz..",.. SEARCH_TOAST_YES: "Ano",.. SEARCH_TOAST_NO: "Ne, d.kuji",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz.."..}..//FF98ACC354B545567CA5D01D513C6EB584299B4AB03A5FA783F85AE184C0527F66C6AD287475F6E30D2FBFC1C93534ABA862DEE5CB9259BD5D78343BDF2D9C64++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):807
                                                                                                                                                                          Entropy (8bit):5.48546336024787
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HaufsEtijFTUd42Vd+PQhF2FAZePvosQ:++s9TUd42Vd+Y3VeXtQ
                                                                                                                                                                          MD5:B703435844FC64ACB0E8B66023BBBF72
                                                                                                                                                                          SHA1:2A30A8373B69E603EBEE037C9619A77BE41AB40D
                                                                                                                                                                          SHA-256:9679209EA147A58E6208244A1FE1096F27F7E7562C7A9336CC97611354277D2E
                                                                                                                                                                          SHA-512:689AB439FF9A18D7A3C1B62B2CC7098A924FDFB77CD046641C8D9BDC2FE4D15E0132F7AF030F392EC6ACF0E95B5C9A1A3FF9E45F896A15777C53E78CEB52F36A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i Bing-s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du f.je Sikker s.gning til Bing, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r Sikker s.gning til og .ndrer standards.gemaskinen til Bing, n.r du genstarter browseren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tak",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r sikker s.gning til og .ndrer standards.gemaskinen til Bing."..}..//AC3E60B396EE5D724C7E17F84B4F779296FF62D757427CF7185926D7D8A2258157CF441CB9D0379D0B13CBD65B35520D68E4CF032ED0860B1F15198A523ADE01++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):863
                                                                                                                                                                          Entropy (8bit):5.3420058632941165
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOaJltkh2FsMZCvXCQtROXJZMBTNJVrfIMX3K6DNJ4lIVFvF2wjpqtODNJ4lIgX:7HGgFJZ+X0qvX66Q+3F2wlPQ+gSZwj
                                                                                                                                                                          MD5:0E75E9D6285D37C533F5F4CC930AFA12
                                                                                                                                                                          SHA1:B82EEF55389EE9D554E98BAA6B9F54B7990BDBF6
                                                                                                                                                                          SHA-256:271299AEEEAE9E51AABA8E770E280E4F621CB08FFC2762DCF7358A68E314ADB6
                                                                                                                                                                          SHA-512:D45D245CC5678AE5EF00EB4C1DFE2F0AAF7C09C551A371CE00843975BEB5D1AAF640649D5C2846EFF9C6778B1CDFA4D559DB3C325D23973F21E101921EB285CC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Bing-Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "M.chten Sie die sichere Suche zu Bing hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_SUB_FOOTER: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing, wenn Sie den Browser neu starten.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nein danke",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing."..}..//FFB880235CF4154BA0E03FB3C17C538DFF8032B766C32880B61AEB170C9CA4C6EBA5139B9C45716E3B219320D5395F3A0164CD3FA5C452EDF4C5DB1B7E5DE45A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1522
                                                                                                                                                                          Entropy (8bit):4.955552194749003
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HB3IsMXLr2bnATla3ybWG2hbiLy+wgjxUbiPRjGXnMxv:W2UTlaLvbiVGbidCnMv
                                                                                                                                                                          MD5:39FB7B5125A164684B163EB346081AF1
                                                                                                                                                                          SHA1:651B92A732751624F9A9C4B1A4416B8F52175175
                                                                                                                                                                          SHA-256:B56D36EC8D9F9D4921D8391975A87A7FBECA1D0698E8FFA0F08C8963BF496C57
                                                                                                                                                                          SHA-512:30275A695980EB10A662AFFF7985F25BA79C5313800C413C5111BA0BE07F4E10A87E3EB3DF7ACA438622412AEB966616D0CE21FF267B02C5ED570F2155FEABE8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "... ......... ... ...... ........., .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ .......... ... ... ........... ... ......... .. .. ......... Bing.",.. SEARCH_TOAST_BODY_TEXT: "...... .. .......... ... ...... ......... ... ......... Bing ........... .. ..... ..... ... .... ....... ... .... ............. ...........;",.. SEARCH_TOAST_SUB_FOOTER: ".. ............... ... ...... ......... ... .. ........ .. Bing .. ............. ......... .......... .... ... .....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):780
                                                                                                                                                                          Entropy (8bit):5.341048253661898
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HdW9H3npSuVNTzLo4uiJH7IyOtS9eDqt1IyafdAYkuvNS:7H8XpSuVNTzxcCeD7FdAYBS
                                                                                                                                                                          MD5:A2FFDC45B6EE34B91AF0946585771BDE
                                                                                                                                                                          SHA1:94B05EDF970F53DC4BF9D12D3947A01A36BD719D
                                                                                                                                                                          SHA-256:8C14DAD3A286BAF2CFD48299C29CA207D001034C015EF506E36F1976B6671D2E
                                                                                                                                                                          SHA-512:CCBF2F98F761A8A7035248EB1FDEECC7AD1244495403E16179A61B2FF181BDF30396E8C5FB2A78B95B8EBE8EEE8669E0B00C54BE22DD5820FE9AF4EAFC74039B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your Bing search results.",.. SEARCH_TOAST_BODY_TEXT: "Would you like to add Secure Search to Bing and stay ahead of the bad guys?",.. SEARCH_TOAST_SUB_FOOTER: "We'll turn Secure Search on and change your default search engine to Bing after you restart your browser.",.. SEARCH_TOAST_YES: "Yes",.. SEARCH_TOAST_NO: "No thanks",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "We'll turn Secure Search on and change your default search engine to Bing."..}..//B8F1A499F644094CDFB0462EDE3201EAD0A2F156E7AEA19B74C6F29FAD300BB976E31754B7E95BE5507A45F642230E99F2F92D930C510EEB53BF5CADF9F91399++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):834
                                                                                                                                                                          Entropy (8bit):5.3858921587981206
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HTOW06YIJHM8MEIoyLLQZSUJHHrSXXY0Vqt15ZSUJaN5HkgvpE3/0:7HqpQJHM8MnoyEpmHYGm5oN5HHes
                                                                                                                                                                          MD5:47049A10A4264E4DAACEC2A36EC9786B
                                                                                                                                                                          SHA1:F1B31EDC542651DB3E3088987B11FAC66B89B5CD
                                                                                                                                                                          SHA-256:1E4C4CDAB0233C51D0E14F21912C65CDF558C58626D1EBDC7F047BCDE34AFB52
                                                                                                                                                                          SHA-512:0F419C60637750154EB86B59E0173EB131E453438E0B9DFD915E82AA85A41AF53F3D3A7DD3B1786108D5999B035AAF649F792187D10217DAD0A9C4DBAF0B6A9E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No dispone de B.squeda segura, tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios web peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a a.adir B.squeda segura a Bing y olvidarse de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing."..}..//C3EFC3A6C064EAF1EBDA56B5E11061565E56D90CAC0D79DF9E495DCEDE018698A616475E7FBC1EFEF976CFC742F14760AC12BEED830F408576446472611C8BEF++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                          Entropy (8bit):5.377366640690806
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HT9+6YzsinKM8MEIe4LyO3KVoqZSUJHHrSXXY0Vqt1BbSUJKsQCIesw6hHZ:7HCsiKM8Mne4X3QpmHYGmboxCcb
                                                                                                                                                                          MD5:E94546A330D9A84041AF8C18130A13FA
                                                                                                                                                                          SHA1:8D14B572D01F1CA3189C7BF949B5A748CD3E53A4
                                                                                                                                                                          SHA-256:FD572014052A9D4D7DBD1984BCB2E4970C938BD062D5BD6593542B9BBF058AF5
                                                                                                                                                                          SHA-512:7A66F44908097BEEA94A6C4234A6F9FDDF56819AB0D5DB4894A92D8AD784B538FCF134CD873EDCC45D6F0A9FB557CC01D0D8909909432D863F1F5454649FAFC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No tiene b.squeda segura: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de los sitios peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a agregar B.squeda segura a Bing y mantenerse por delante de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos la B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos la B.squeda segura y cambiaremos tu motor de b.squeda predeterminado a Bing."..}..//774793A544BA2248B5833B0E776F4611EAA4EB7250A3A19C2D9E3F3EA4065586EF84326915E50F5B234F3B232B25C3570C991E0D4A36C9269E411010C66951FA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):837
                                                                                                                                                                          Entropy (8bit):5.4144506945268285
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HQ2htHsNn+dWfoRVfeEfoRilDiBOWKGk:5hFs1fgrfDcOWlk
                                                                                                                                                                          MD5:FFF760F6D0DD396B14B0914DD168BA6C
                                                                                                                                                                          SHA1:76F46B903184CCE7D107E00B96187EE777EB10B0
                                                                                                                                                                          SHA-256:A2D57FF4F6D92FEC608A19E5046DCFF235C729B54A7D937B5018DCF6A8E7F1F3
                                                                                                                                                                          SHA-512:900C7A228554B545DD5030B3107F2A7795CC22A5939FF0C5E470042127D2CDF45BE72A6F4D4B1799A413F6BC39FF2B0EB4D6108AA34F7735291F76846857EBC5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat Bing-hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.t. suojatun haun Bing-hakukoneeseen, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_SUB_FOOTER: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing, kun k.ynnist.t selaimen uudelleen.",.. SEARCH_TOAST_YES: "Kyll.",.. SEARCH_TOAST_NO: "Ei kiitos",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing."..}..//F36551F9A9786F5A72ED5D54B9955A66A49D8540ED039E8A9D7D0A6C8DED74F04BF183CE0823D30E21406B3B639C92401CD72EF71B41725F72E5E4919B98B23C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):927
                                                                                                                                                                          Entropy (8bit):5.353545614692768
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HW5WFTGeg5rqskm8wwbY6xQam8wwbY6NAQyBA:uWFTGeg5Wwv6Bwv6NncA
                                                                                                                                                                          MD5:7C90FFF94970FD205D36B3D5C6421F87
                                                                                                                                                                          SHA1:2BF3110C1DB900549DDD1D665FE854CBC0FDAD69
                                                                                                                                                                          SHA-256:2C89C632F1521FD9018ADCBCFBF2A230FDB566A7E753DB08C00AB5DA6216A741
                                                                                                                                                                          SHA-512:08A8C21DAE59127C95F3B3EBB510BD74522399803F97F04243029DB70931B1E78811E35738ECB9AFD88B0E89E7F0C6F02CE7E7C0AD18E028375D91D0D6F7E450
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e n'est pas install.e dans votre navigateur.",.. SEARCH_TOAST_SUB_HEADING: "Recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Souhaitez-vous ajouter Recherche s.curis.e au moteur de recherche Bing et d.jouer les escrocs?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut."..}..//57C8DAE1DF8839ACB4D9C48570AFCE42B073F5A306ACEBF8254FB5A7ED724684540E07C7BAD7328F7F4C6B8B88AA7D84D43C6F9B6FC18BA6902C2B144F45FF82++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):940
                                                                                                                                                                          Entropy (8bit):5.361699743281387
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HNL7EemtP5RTOpwemfw8uWY6xxAamfw8uWYSwwpd+g:R7EemtPaiwX6CwXAdh
                                                                                                                                                                          MD5:2808E40E4DEFAE387C8213265FF1C6BD
                                                                                                                                                                          SHA1:69F1AB49982FCA26E3C378F17D011F67DC104F6E
                                                                                                                                                                          SHA-256:131381B90DC8FCD58B612C1E740E80F3E18C564AE37C0744C526849128022A3B
                                                                                                                                                                          SHA-512:B9AA89A4F058A2D8045E160F32C7F821FB2632D4B3568F854AB5C8263B80466ED0B8BB7BABE30DF84B269532D9B78FF87D0C084CDABEBBADFE05E1A3DEEA410D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche Bing.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous ajouter la recherche s.curis.e . Bing et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non, merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut."..}..//EA11169CB4A238A8439DB55895CC03A02F88C6CFFE0A0BE6534AA158863B5454F409F9A1DE18BB8116832D1C71C0630A7A02E8E669F24D8C267131F8682DFA09++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):798
                                                                                                                                                                          Entropy (8bit):5.4203719090467235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HM+9DuIg9sCZwzJl//L9hd9MuGvPJHCqtL9MuGkSUFSMf+z0VEj:7HMogol25vxHCD5kS2T+z0VK
                                                                                                                                                                          MD5:3DC9E0B9876B48A4B9AF1EEB885A8EEB
                                                                                                                                                                          SHA1:F49F1963BE7796E356DDE80CBD707A29D0D3BA72
                                                                                                                                                                          SHA-256:AABC136B40C5DC53335F87524A8A02F9A6BB21EA705A2DDDFFDFE1B12F4FC27D
                                                                                                                                                                          SHA-512:C776E51C6E602FECF0B52741A86F550C3FADAF61F0C5755F037815133CF6A01E94B0E32B28BE5B2E00C7B206E0A8BECB92EC36399861F5BA822D80CD778D7AC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata Bing pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati sigurno pretra.ivanje na Bing i ostati ispred?",.. SEARCH_TOAST_SUB_FOOTER: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing nakon ponovnog pokretanja preglednika.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing."..}..//58564E968C6A1DD2A3B01E6CAA43C802D43886AA300213AB786B403029C4AFA1A15CFEA82F1E419D0F21A3BD40757F0000F2F410BEE9BCF0640F6E9AEAEEF483++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):922
                                                                                                                                                                          Entropy (8bit):5.595558799392145
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HL8d6oBd5US6Xdd7qQpuYeBdyEpFnY45EgpuYeBddpFtvF:q6ojijX/+QpuJjTYH+uJjj9
                                                                                                                                                                          MD5:B38B90C7D9DFD87A593F15953D541B8D
                                                                                                                                                                          SHA1:58DFE87DA7B330E62DF1B80F3F61B66304EB49D0
                                                                                                                                                                          SHA-256:FD5FB9E7E89817195524ADF8E387ADD1CA2D2EB6BE05F6BDB648ECF97618F1BE
                                                                                                                                                                          SHA-512:D68F00E1E0E9990D8C12829691C95814832D87A015435627FBD21F1895FDE6C85E91ACB36D805C69F7CA46E3FE607DA1469565E31C834F6F95EFC9B9165B94DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a Bing keres.si eredm.nyei k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretn. hozz.adni a biztons.gos keres.st a Binghez, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_SUB_FOOTER: "Bekapcsoljuk a biztons.gos keres.st, .s a b.ng.sz. .jraind.t.sa ut.n az alap.rtelmezett keres.motor a Bing lesz.",.. SEARCH_TOAST_YES: "Igen",.. SEARCH_TOAST_NO: "K.sz.n.m, nem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Bekapcsoljuk a biztons.gos keres.st, .s az alap.rtelmezett keres.motor a Bing lesz."..}..//ED836E20F822E064FC27F5397135316DE08C17C7B7CC8357DA7DC005E6CD3EE7CF05A51E030F4A904D09DABCBF494CBD1C7B366892AAF6A82D4948A06F82D824++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):819
                                                                                                                                                                          Entropy (8bit):5.274707792713194
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H1J1Z2psz/XEKapHoCv815HFl+pqtKHoCv8elQQEHn1X4O:7HB8OXEhpICvoFlIhICvtlyHOO
                                                                                                                                                                          MD5:2700305936DBB03114A934D5E9757167
                                                                                                                                                                          SHA1:A1AEDB794816FD8BA9B33455BFB848E68A659805
                                                                                                                                                                          SHA-256:93C9C109C10004B94C7D96E01C2759988FE6250C1F1B73247443FC6E45E40ACE
                                                                                                                                                                          SHA-512:47302DC536B6FE20680C89B55B77361FF70B2D35C1EF54B3FE58CEDBDA1BDE3CA577459804B8F5463B5261C52B884E0DF1036DCE96C82C1BEDCCD61CE7CD28FF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche con Bing.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi aggiungere la ricerca sicura a Bing e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_SUB_FOOTER: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito dopo il riavvio del browser.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, grazie",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito."..}..//8BD8DCF847C401B1CCB745554373A6FFAA03B6BF5C11295B0B4E8F8D4493B225C738440B991532D6E3771E7B734A3CB86C14DAB121AD5678086207E4C8FE22CC++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):943
                                                                                                                                                                          Entropy (8bit):5.727860477750984
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7H8PQbHaQ4gy2XLCreYv6RlqkYvIsZc6FU:4PQzanP2XLInvKc1vIsZc6FU
                                                                                                                                                                          MD5:B9EA0C2C353F18C73103DCDE34582F81
                                                                                                                                                                          SHA1:2E1372FD055A0A653B74D1A59D93655D9325A232
                                                                                                                                                                          SHA-256:813D941EB5BA6E03DB6F03559A58C695155965CE4477262EA2FC16DADEFCB47E
                                                                                                                                                                          SHA-512:8B5F98EEA3F6ECD2E3DE81254FC74715DF3CCAB7388C82C0AAD8B885F156913EBF6FA687071159608D3C9BB51776A00ADED2FC6AEB48D98B2760048164777751
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING: ".... .....Bing ....................",.. SEARCH_TOAST_BODY_TEXT: ".................. .... Bing ........",.. SEARCH_TOAST_SUB_FOOTER: "................ ...................... Bing .......",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".... ....................... Bing ......."..}..//DA01E07B3AED3210BAFE875F8D72CA79BF9454EEB7A2AF50A50C696C70F935F0F98C142936703D21CC5ADAA4AD572EB6A55E502717A8AED04C6E9520CFA33A06++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):823
                                                                                                                                                                          Entropy (8bit):5.904020544863617
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HN1I68EVZFj2F/40kOv8k16xQl07Cqtk16xQlXViKLPG:7Hx9E7ka8kg7CtJi0PG
                                                                                                                                                                          MD5:E4A9B3945989307F6F382464CD744E8B
                                                                                                                                                                          SHA1:D5E1E18DDE7569A5DD8FE13D515205DDC383BDFD
                                                                                                                                                                          SHA-256:C0E4EF29C1F6BE33016D640AA0C830FEF3A060BA54367279E3AF52FD10682994
                                                                                                                                                                          SHA-512:3133314D072BA67286DE48E0180C3C63003D5B9D4F2779B7FD2A460D7B4B9A767E2BA1295E038A59EE16E0D23E432780A8D311469B8D35ACE3B850D56D2403C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... Bing .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: "Bing. .. ... .... ... .. ........?",.. SEARCH_TOAST_SUB_FOOTER: "..... .. ... . .. ... ..... .. .. ... Bing.. ......",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ... ..... .. .. ... Bing.. ......"..}..//6A7DEE9087F9EC7BBA4AD778A150895A4B364827E29FDC6AE28234A1050818FF253B9B7A0FE703E9ECEBA311685E68285E7A05CF4E169D72B64BC0ED47120049++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):759
                                                                                                                                                                          Entropy (8bit):5.417701316840642
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H4jM/QjBU4dkyU/6FkbS7CWJCYfUfGKF2cFqtEFJCWJCYfUyx/YgQUsfopm8:7H0MojXdUCFHtrfyGKF2yZtrfF/FQUsY
                                                                                                                                                                          MD5:DCC0E4F0385CD17A2104343BA2911706
                                                                                                                                                                          SHA1:150AC510338E47891E9E2248349E1665897F2A02
                                                                                                                                                                          SHA-256:43429C208099375FA9FD521367429E21E24C46BFF9ACCE8185F16270CA23C0ED
                                                                                                                                                                          SHA-512:114F84A9F11FDFD9A22BD24084893025374E96B921D8A72EA81A52D1D75742FF8436658DA55C11554EE6872624483906ED77787CA4B5ABCAFCF314346B544197
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke Sikkert s.k - v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i Bing-s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du legge til Sikkert s.k i Bing for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing n.r du starter nettleseren p. nytt.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nei takk",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing."..}..//A72DA50EC9AC06D7482911C2F7459BA883D06416E8BC28EDE8D630AA5F1BC7517BFE51F448950ED756F6F8C9324714B9F09DA9ECD6CEBC538844F6B0E8AEEFC0++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):807
                                                                                                                                                                          Entropy (8bit):5.38083502499888
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HrtakxOEfqPZq7oYde5XPCF2sbde5XXiWLF5XTK:vkk8jPtYwRoDwsWJ5XTK
                                                                                                                                                                          MD5:5390F1358FB4E917C84EF5ABBC6C1658
                                                                                                                                                                          SHA1:EAC25B929A6FF110A89E16193763263CE887AD0C
                                                                                                                                                                          SHA-256:27A7D47438445F0BD5004A702E13BFD96B9914A073A023AAE7A4DE6023592C4F
                                                                                                                                                                          SHA-512:3B6E11C7F093EB57E9DB04DAC7B778E52B1BFB0E543DED0B1B46586130E242D830FFA6853918CC31D349D616F75C6A5BBAA4C76287A9418A3C67F6C8FDF1D446
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten op Bing vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u Beveiligd zoeken aan Bing toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_SUB_FOOTER: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine nadat u uw browser opnieuw hebt gestart.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nee, bedankt",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine."..}..//2AEDE587301434BD6F7D34E67A62ADC3A28EBCA3976817D65847907881E114CAC2C833806E77EEF466AA4C9CFB3C9511A83E097B4222AF2E53E2ED02B3200A94++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):840
                                                                                                                                                                          Entropy (8bit):5.562707190506282
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOnXZoB12oBsflpBcPMfaBpgXJveZsBpgXJZpucnp:qXZI12IAdcMGaX7aXztp
                                                                                                                                                                          MD5:8CD94C0E84D172021E443288F177B6BE
                                                                                                                                                                          SHA1:EB42776CCF5B8AF1C32DDD24B06F410B0613FE3A
                                                                                                                                                                          SHA-256:FBB644E96F686AE1851427470EA8E2445D108A5BC3E20E45B5071D416E5C548A
                                                                                                                                                                          SHA-512:9979911E8DD5B0D5B8F38EF614E3EEE6FBA3CAFE3F683C245B344902BBF4F11D80E04FC0BCC1D17F8220CB09D78AD1E8751321D0BDE4118EBFAB4481289D3FC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwa.aj, nie masz wyszukiwarki Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING: "Bezpieczne wyszukiwanie eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Chcesz doda. bezpieczne wyszukiwanie do przegl.darki Bing i uprzedzi. zagro.enia?",.. SEARCH_TOAST_SUB_FOOTER: "Po ponownym uruchomieniu przegl.darki w..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing.",.. SEARCH_TOAST_YES: "Tak",.. SEARCH_TOAST_NO: "Nie, dzi.kuj.",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "W..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing."..}..//16D96677B35676937A9D41C8627A98A69B3B83E9FA31CCF16B911ED626E8BF510AB621E7B6F782168A4AC9C6A67137828AC2014635F879EFCF5A8793EED15A2C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):836
                                                                                                                                                                          Entropy (8bit):5.28267754410806
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HEJVEPlVLVGGWF/7Qy7XTLYG7MJgZ6GuISWM8jgqtNpG7MJgZ6GuzKh3/Eb+jXS:7HouiF/rDTLdtZy6MTZtZyziv5jC
                                                                                                                                                                          MD5:FFBFB67FFF4A57CB2BF6B0976961FD32
                                                                                                                                                                          SHA1:9DDD77AA9A47D86CFF915BAB18D68B38DFE62670
                                                                                                                                                                          SHA-256:FBEB7FDA6D73218AD42017694C6BCA596FBD0373CAF7B48D7EE7BF85008F9EF5
                                                                                                                                                                          SHA-512:A8769F0B93CC6FA3A5654ACCAE15A5EC5F3319D6795104C2382FEBB49DF4602448E34C536B42EFCC17809624D8EA4DCA5A98A84D097681A450FECC1C5A4A5383
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Gostaria de adicionar a Pesquisa segura ao Bing e se antecipar aos criminosos?",.. SEARCH_TOAST_SUB_FOOTER: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing depois de o navegador ser reiniciado.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing."..}..//C25ECF30C4BD302A13219B5A268DD6617F0CFAAB4048B1A0E5C75C3AD1A63ABBD4C845D23019F3FECEA14F1F0157E753907514F9C05FA81CF5A471409291697F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):823
                                                                                                                                                                          Entropy (8bit):5.329367395193231
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HR7EVLOEcQWFnQgj7366Jb7yg4HjSa8jgqtMJb7yg4HjmDdgAB82PhWgmU4:7HRrnFjjhJbOg4uaTRJbOg4qiAGMd4
                                                                                                                                                                          MD5:EFD9A142051629949381A15651137D9A
                                                                                                                                                                          SHA1:06CFE48E497E024F3BE5DB00A204618C5E8C67A8
                                                                                                                                                                          SHA-256:A580628E3F4A89BAF57948A960029934F9A5E81AF9EF973525D5E4E787F0D49D
                                                                                                                                                                          SHA-512:FBC96E939F5848DD13C89852CC086022074F0405FE9970CF1CFE686EF6B55F673E860D27C506D146B091D48532D8DF823FADC1E14C105DEC381AD9034DCDE71C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "N.o tem a Pesquisa Segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa Segura ajuda-o a evitar os sites perigosos nos resultados de pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Pretende adicionar a Pesquisa Segura ao Bing e antecipar-se aos malfeitores?",.. SEARCH_TOAST_SUB_FOOTER: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido ap.s reiniciar o browser.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido."..}..//E803ADAF0E5B8F915FF234994EC38446AD7ECB6139E7EC509291AA945F7F628F5BE421906DAB7B099AF0B8EFBB160A26E546B184E132EACAEFE47014D010CC3C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1189
                                                                                                                                                                          Entropy (8bit):5.126253876575131
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7H0i5Cke6gyt20qJNs2OSVptfnZMtXye4qfjFsX58cMtXye4qfHC6stx9O:IMCke6gyJqjbOSfNnS9yHiT9yHK9stO
                                                                                                                                                                          MD5:9843CA14E0D8184651EB3775C31B5128
                                                                                                                                                                          SHA1:3048CBB11C88908F0FECBA09BED67CD0AF78141F
                                                                                                                                                                          SHA-256:5E3E2F7B7221C2B348EB99FA98C8B897A0B944ED3D8CF9D712FC8626A276913E
                                                                                                                                                                          SHA-512:393CC1AF009661741EA405BC18C10CC85E7918138D50C5CE9B8E690F3AFD8402FC7D5CA5186692707E4293CED3557306E3BEDBC835D6F55EF97E1CFB0BC12A5D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ...... Bing.",.. SEARCH_TOAST_BODY_TEXT: "........ .......... ..... . Bing ... ...... .. ...............?",.. SEARCH_TOAST_SUB_FOOTER: ".. ....... .......... ..... . ....... .... ......... ....... .. ......... .. Bing ..... ........... ...... .........",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "..., .......",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ....... .......... ..... . ....... .... .........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                          Entropy (8bit):5.700243558664091
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HUMukzWX/lJxvkgn45U1bORyg+yqto3bXsz7YWcm:7HmVXDxTbOsg+yuz7YFm
                                                                                                                                                                          MD5:BE2D6A1389AE9FB88C9647F21A2D5CE8
                                                                                                                                                                          SHA1:AED36EBFB36E6D75605B7ECAE45BA8046C6FA904
                                                                                                                                                                          SHA-256:86680FBD329AE08D4AA65432C290A35D9ACBE04B54AB4087DD9CBADA8750F38B
                                                                                                                                                                          SHA-512:8DFFEC80CA203AAF891ACBC47489D5834AAD4098B992F82D1E0A4D77C3FE13CD5AB46EAF490D2FF2B2E275213D6EF95880ED619F348AD6DA72661A004CFE333F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te zabezpe.en. vyh.ad.vanie . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s vo vyh.ad.vacom n.stroji Bing chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete prida. zabezpe.en. vyh.ad.vanie do vyh.ad.vacieho n.stroja Bing a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_SUB_FOOTER: "Po re.tartovan. prehliada.a, povol.me zabezpe.en. vyh.ad.vanie a.zmen.me predvolen. vyh.ad.vac. n.stroj na Bing.",.. SEARCH_TOAST_YES: ".no",.. SEARCH_TOAST_NO: "Nie, .akujem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme zabezpe.en. vyh.ad.vanie a.nastav.me vyh.ad.vac. n.stroj Bing ako predvolen.."..}..//4482827471F204E3CF5963D684DBF75B78AE5933F9404399755FD2B6A9A2E59F6D6248D3A145E8B79940C79A49BA15D222E30723290B39AB331AC24C4A199567++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):791
                                                                                                                                                                          Entropy (8bit):5.497616174223849
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HM3Rzi2T//nHkpIUaSB1kd1BgqDHCqtMB1kd1BgqRlgo6GBdihe7:7HM3B0T3kd/DDHC53kd/Dzue7
                                                                                                                                                                          MD5:B60F420D4E9C5CF72662E5D64B8CF1EC
                                                                                                                                                                          SHA1:CDFA09E1DBB11A6A960EA144DCBE7F1C3B17CAA7
                                                                                                                                                                          SHA-256:F7E5E8F5111BD5369979B92C1409B8F421CEA264884CE51858C82C965797BCE1
                                                                                                                                                                          SHA-512:FD6F20FDFBD61C0B5F9AF20418DD7EF74AC07322337480444D26ADF9C56DD74CEEE4B45F8663AFE7369AFB81E43C4B4BADA46D133F9050BB20355F496D96A603
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u Bing rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati bezbedna pretraga u Bing i ostanite napred?",.. SEARCH_TOAST_SUB_FOOTER: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing nakon ponovnog pokretanja pretra.iva.a.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing."..}..//0E4846AFB8160CCE421340A6DF95405F44E9D70A3FEB9306F787BFA142C7CBD10579A3E9F98362AA11DA6D935D1A133E38F29DE8F36814B26AD82A35E84D98E1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):847
                                                                                                                                                                          Entropy (8bit):5.475369864788056
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HBZa8gL2eN/Ttn2gW6DTXMoOF2FTnZ2gW6DTVi1EMeVljCCz:CuY/ZrT70GZrTkp6lmCz
                                                                                                                                                                          MD5:CF757C7351AED3455E772A926496AEFA
                                                                                                                                                                          SHA1:CB616A0D34E7FA86DF3BE171297507B01BC2E0D7
                                                                                                                                                                          SHA-256:417EB3E457AF7A78D01731B0E758345D123D8FCD2F652F29748432704D271526
                                                                                                                                                                          SHA-512:68680D92FD200A4631853FA0F56D7B3A67500E957A55E83B4D9078894C2D90888FCE68DDD0F10315D683F2DCD9FE7548D8FFF32C1A7FDE3D1AD5F4B09EAA4A3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i Bing-s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du l.gga till s.ker s.kning till Bing f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_SUB_FOOTER: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing efter att du startar om webbl.saren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tack",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing."..}..//747BE5AB5DD6F5DE8CB96EBD639FDF42EEF0AFD684EF611640FC1C8BFD9C221E06546E8FB0733498BE5FB42380DF1BDD409527B4C6D4FEBC18C53388AF8767C3++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):857
                                                                                                                                                                          Entropy (8bit):5.540532104557865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HMhMT4PwAf00hBLUF8Tt7zYE3MKUR59HQmeonSqt9UxQme7osBUDdbdqJVZh:7H8O44Yh88x/YE8PJfTnStfSB6yVZh
                                                                                                                                                                          MD5:96B8EED5F1398DDD82F4EB5DA1BF6F93
                                                                                                                                                                          SHA1:A713EFDC1EF6F65E3DF1D2AC43534C5D79D9C1F8
                                                                                                                                                                          SHA-256:5C449AA1E4D7CA792C0E82382B4EBB84EACC6B283BD4F6F5ECB67A539A61F4C2
                                                                                                                                                                          SHA-512:742FF4869769691798A7B164E5E5E7942393BA9C2E8B08F6EC6CC7034F5636C55EA78931A999597CA2E2CEA180860B5111BCBE85DEE2B8A6061E76156C5EB163
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi Bing arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "G.venli Arama'y. Bing'e eklemek ve k.t. ama.l. ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_SUB_FOOTER: "G.venli Arama'y. a.ar ve taray.c.n.z. yeniden ba.latt.ktan sonra varsay.lan arama motorunuzu Bing olarak de.i.tiririz.",.. SEARCH_TOAST_YES: "Evet",.. SEARCH_TOAST_NO: "Hay.r, te.ekk.rler",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "G.venli Arama'y. a.ar ve varsay.lan arama motorunuzu Bing olarak de.i.tiririz."..}..//439ED26CBEA259FD87D7C2C49DB2EACDE1E8351C21F28AC028563BD0FAFC8B1E44FF77711F51DE465E0308229BD9E6EF010CA52775CEA9DAF0B1F6307B50FF24++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):777
                                                                                                                                                                          Entropy (8bit):6.220881869000409
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HZeVjrLdwETCJeYNVLkfD9nktuLMSleNyunyHS8K+9qtBuKeNyunyHc28ymyYmm:7HujCHVLkr96S4fnyHd99zfnyHFjPm
                                                                                                                                                                          MD5:7933D7D94B07C1C29DDEDE2C03A78A9F
                                                                                                                                                                          SHA1:1F57F17F623EB4E954A134BA64C0BB8296CC2A39
                                                                                                                                                                          SHA-256:8820E1EB2B0E28088EE152F8F086CE1F3EB2B09E8E2443CD68F86F79DA695304
                                                                                                                                                                          SHA-512:D4B5FED4291CE52EC642ACF5AB4BC2D30EA0235F1AA32B0CB2620DDC2A5D24E072FFC516B8371273D11C94991C7A0B40C08415E06A47EDAB571F43D9F0AAFD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "......... . .....",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......................... Bing?",.. SEARCH_TOAST_SUB_FOOTER: ".............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "..................... Bing."..}..//890317085F8CEFABEC755868532EC221C9D818F415040A7AE5A387E513810A375EC8079997465CCB14FA1F0C6DDE69A1F1F4BC7589D708A11FD4D91B93B8D3FB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):747
                                                                                                                                                                          Entropy (8bit):6.176568616865499
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HdRjeD31S5BdlevclAZKdKX0S19HS8KFy9qtNSNv7l2Hch0lmjGGG+a:7H76D31Sy8AZKIz19Hd79qU7l2H2A/tV
                                                                                                                                                                          MD5:3B85E7578BA0B96B73EF59556E82E947
                                                                                                                                                                          SHA1:1CBDFF48CDFA06329E552F6A6044F39C1EDA2D1C
                                                                                                                                                                          SHA-256:E5E3B40926F66684B70BEAEFDD3329EBD160E50DF3CE593217A883BD34769218
                                                                                                                                                                          SHA-512:6DDE76E27BCCD6A68F0BC5A6F1EB71CDFCE2FF54C00BF413451E6B1CEDC6DDB2D8BF43C1BB77D2E375E994C1EA001F6916FBFD869D546D6AF18B4A811BE8D04A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...........",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......... Bing...........",.. SEARCH_TOAST_SUB_FOOTER: "............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "...................... Bing."..}..//142BEDE18BA7AB5DDDECDB37BC8963E32AA4B73E08B695DF0CFC9C7ED8926518FC53AEB0D078295B055C4F3EB5790599CC4E8DCE078884BB5DF250DA74327391++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7420
                                                                                                                                                                          Entropy (8bit):5.691914931807602
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CXLFSeinF0GY2zegRdgmgV+2bt9kuB9Ouy9kuv9FoEGopoMgLmVvuu38:CXLF5WF0SHMt9kg9O39kIOEGQZVds
                                                                                                                                                                          MD5:0AF7B0D19B981DAC7835AFC59D0A895C
                                                                                                                                                                          SHA1:F73D39431035097600FB458CD055F592D89204EE
                                                                                                                                                                          SHA-256:F30A49A450B25B73172D9ADE7DE59BE0D445081AABB272441BEB689F43C9D1D2
                                                                                                                                                                          SHA-512:7DD8DAE8C6C1000E5CD548649D08381521B19AD44A5466A5F81CC1EA3A49B037C0A8DDC8E77671A165D7BAD477976F9B035A4F60DACB3EAD2B6244A478FE7F40
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n..",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete p.idat slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ano, p.idejte slu.bu Bezpe.n. hled.n.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6899
                                                                                                                                                                          Entropy (8bit):5.422872173360446
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CjNwgL2CS6ddGw2jKK3A/BZ6mQNeTNlspRmbM1BM0t+lWcoLa8XcZ+lWch9FF/3c:CWToK3A/Bj32ttCWy8XgCWSj/o03WwHS
                                                                                                                                                                          MD5:B88C65F680FBB8D21DB06A956B6E4857
                                                                                                                                                                          SHA1:A0A6BB3EAF5B7C94373BFAC4670B09394C936D2D
                                                                                                                                                                          SHA-256:96146C96D178F61671C796307668D7CD08FF9CF8D14F619A264F414E5601B53D
                                                                                                                                                                          SHA-512:D517F64A8514B945D5EDFEA7710E528B3186414CDF821DE96DCE9A6BD17EAE53440034AF4A9D23C8A173F6F800C28C8932E0029BAC8E486CC60C3684D180CA89
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du v.re et skridt foran forbryderne og have ekstra sikkerhed, n.r du s.ger p. nettet?",.. SEARCH_TOAST_OPTION: "Ja, sl. Sikker s.gning til, n.r jeg genstarter browseren.",.. SEARCH_TOAST_DONE: "F.rdig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du tilf.je Sikker s.gning, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, tilf.j Sikker s.gning til min browser, og s.g som standard ved hj.lp af {0}.", // {0} SEARCH_TOAST_*.. SEAR

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7159
                                                                                                                                                                          Entropy (8bit):5.352254521660053
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:C9EB5FeK92iZaU3vFJMGNMmXdtUGj/7vFyDGkHEXcFt98m:C+5/btltJ/7vFOEMpv
                                                                                                                                                                          MD5:72A9D075BE6CA7F50BC8502FC097FED4
                                                                                                                                                                          SHA1:49C7C3670E8A296E821D52F4BBCB5B81389A6AC0
                                                                                                                                                                          SHA-256:9B51B9AFFE147ACAC7CB4AC39293ED89CADA6522CD9D40B7647B311321C059B2
                                                                                                                                                                          SHA-512:E797E73D93D59E4657FD883087235641ECA8D5F018EB6BDA99D798CEEA3E4C13CB12998C6D195F35419E2F4E2BAA05F5DC747795997E7E181F1DFDEF83B9C1FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "Wollen Sie Internetkriminellen mit zus.tzlichem Suchschutz immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "M.chten Sie die sichere Suche hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, die sichere Suche in meinem Browser hinzuf.gen und Suchen

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):991
                                                                                                                                                                          Entropy (8bit):5.765372087226622
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOM3oeWURG11jdHDUUOSj6TrY3jdHjdVtiSTj6cUnjdMA8Y9pcO48jeEy5v4:7HOvMrWh1WTMBgF5Rjnl
                                                                                                                                                                          MD5:AC1AB1A5C3522E1993EFA82AA6392230
                                                                                                                                                                          SHA1:BC08AE91A1D65EA1B0395B5F080F1B64B9B77CBC
                                                                                                                                                                          SHA-256:E30D87D35857D8007E8833A2951591585ADAB2D69614EC49584DCC468BAE9594
                                                                                                                                                                          SHA-512:399B70FCE8C0AAE1B1E4938A03A09E863A12E73CC6F5935BF5CA30EF1E0A94E90D7EA4A5D45B3E032C7552177D58B15DCD8647664BFD002BDEEF387F8587E2AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "D.l.te si starosti s t.m, .e budete sledov.ni online?",.. SEARCH_TOAST_SUB_HEADING: "Pou.ijte prohl..e. DuckDuckGo s ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Soukrom. hled.n. s prohl..e.em DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zaji..uje, .e historie hled.n. z.stane v soukrom..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy ve v.sledc.ch hled.n..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude pou.it jako v.. v.choz. vyhled.va..",.. SEARCH_TOAST_YES: "Vyzkou.et soukrom. a bezpe.n. hled.n.",.. SEARCH_TOAST_NO:"Ne, d.kuji"..}..//78E4C8A9ECD3F14644932DEEE8E0AFB4C675FE05800A7A6CF3878450A30239CC217CED8EA015DF6315C7BB6CF8657C8A459CAED3F2215AF27BE20BBF4357E2FD++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):900
                                                                                                                                                                          Entropy (8bit):5.583587789385049
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyODmFK9r7NWME1jdHvyjC8C9JYBjdHjda88SjNwojdbnEl48twdLORxG/kTAl:7HOvCQ9NWMEcCrYFnwinQ4KwdGkeLW
                                                                                                                                                                          MD5:A795497E5B860214E7B321E7E62C3DA6
                                                                                                                                                                          SHA1:DA11CF3323379526CC743F9034A66D00C258E91E
                                                                                                                                                                          SHA-256:80C415DC74EF8B294C40BF7D517DAE61B2004F870CB61DF1162C0B30843653C0
                                                                                                                                                                          SHA-512:A4FDA7FCDFA5A407E9CD28212029447A07194B6727BF8F4E018F82E0836E7CBA04CC67244ED583D42FE070E3A4890D98739643C073CCDC9F5D1392F476C93D8B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du bekymret for, at der bliver holdt .je med dig online?",.. SEARCH_TOAST_SUB_HEADING: "Brug DuckDuckGo sammen med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonym s.gning med DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} s.rger for, at din s.gehistorik forbliver anonym.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikker s.gning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokerer skadelige links i s.geresultater.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bliver din standards.gemaskine.",.. SEARCH_TOAST_YES: "Pr.v anonym og sikker s.gning",.. SEARCH_TOAST_NO:"Nej tak"..}..//453BECE13AB4A6814C489EDA7109940ED88D91DD5238443CE3E44645B4844D55BC9A6BA7AD9C665FF1AAF719920BDB55A0159D69B86766BDFEC186B1220F7CA7++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                          Entropy (8bit):5.5537200344672035
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOIV8tfCIjdHkjPqqbjdHjdar9jICnqjkjdAhalRVnzQYjLzg0QjNNO+NOr:7HOvc8yqrLLBQJ7NO+Ur
                                                                                                                                                                          MD5:62C9351571E9B70C529B0BBE1650E186
                                                                                                                                                                          SHA1:6E685D1681C6F68969C89F31A774D496A3619D0C
                                                                                                                                                                          SHA-256:FFB02A8085057968BE4193592191A4092C6D1889061AE0B0945A438DAFE3D474
                                                                                                                                                                          SHA-512:D8A08A9E0E925E9163E1B96E009482839CC3478F69A90746B8F70558654B78331A708A385AB4FDFEA69200CBFBF1C835C60E987731AEFC27E1F619308FE6455E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sie wollen keine Online-Tracker?",.. SEARCH_TOAST_SUB_HEADING: "Verwenden Sie die McAfee-Erweiterung in DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "Privater Suchmodus in DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} . damit ist Ihr Suchverlauf f.r andere nicht sichtbar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sichere Suche", .. SEARCH_TOAST_BULLET_NORMAL_2: "Die Erweiterung \"{0}\" blockiert b.sartige Links in Suchergebnissen.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wird als Ihre Standardsuchmaschine festgelegt.",.. SEARCH_TOAST_YES: "Private und sichere Suche testen",.. SEARCH_TOAST_NO:"Nein danke"..}..//20B5260045C69615632672AC3CD0104B1E57CB0B1EDAB5EAA6C5CD79FBDB87FE48A21A362CA91007DFAD49E2D30322E897327AB0344F24F7D6005A19030E1CCA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1278
                                                                                                                                                                          Entropy (8bit):5.518147815258277
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvdVOfNkrI8gvMi3QonM4diUPg4Z3TarwS3:CvdAVktgfQoMmiUDZ3TCn3
                                                                                                                                                                          MD5:9E2749A40AC2137D7873258524ACE18F
                                                                                                                                                                          SHA1:C945B26AC96CEC907F21529DCE13F5028DF9D53A
                                                                                                                                                                          SHA-256:4A5E4A85DA24C9485263FE4397727798F0A6B295CFF63AAF2A838FA6AD919DB4
                                                                                                                                                                          SHA-512:6ED7AB68286094A463F5A0C84D124409DCFF7BC65DE5AC57B3FE02DB8CDCFF2637D95B968DAB4906D7FA0CB0D8254B5BABD5D1C5243624663254C067F6DA1C93
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "... ........ .. ........... . ............. ... online;",.. SEARCH_TOAST_SUB_HEADING: ".............. .. DuckDuckGo .. .. McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "........ ......... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: ".. {0} ..... .. ........ ... ........... ... .........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "....... ......... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: ".. {0} ......... .... ........... .......... ...... ... ............. ...........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: ".. DuckDuckGo .. ..... .. ............. ......... .......... ....",.. SEARCH_TO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                          Entropy (8bit):5.539248357264239
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyO8zqqNPR4t1jdHMLBjaPCuYh8jdHjdatBjPvkTzgjdA8xvsHqZOdszXpO9bF:7HOv8moyALKFYhl5kTzqsHqlzXKqc
                                                                                                                                                                          MD5:F9E842F3615AB3A48C6F73DCD7AB9F5B
                                                                                                                                                                          SHA1:14B77175DA047BBB62A0F2BA1897B9C87F1F975C
                                                                                                                                                                          SHA-256:2A8349A0FB11C957DCA4BBC666D08B171C3D5C18E984F9DD113B65DC6F08E675
                                                                                                                                                                          SHA-512:A4E16CC39D674755C6E570F7429E99F9D5DEA0337ED2DA5722CFB05A1C36FAAB40A3965A10E5CD86F66E0C86AF0B0B6DC917EE4D881E2DA51D228FA83DD508D5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Worried about being tracked online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo with McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} keeps your search history private.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocks malicious links within search results.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo will become your default search engine.",.. SEARCH_TOAST_YES: "Try Private & Secure Search",.. SEARCH_TOAST_NO:"No thanks"..}..//1F6BBD78FF71A6E86A22F74CF8885B3CB12921D09A7B00C7F6D9E6C2E66154E368C4F2328CB80CAEB93836A62D76DD4EF6D47EF8D0F5C2884016C84145F40947++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):945
                                                                                                                                                                          Entropy (8bit):5.566317231814581
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyO9ocZRs11jdHCajW7SuTQQQjdHjd0Fmzjq0KdQjdEiSZSUjETASKse+krTq6:7HOvy71A7JPmS0gR54TYzmH8v
                                                                                                                                                                          MD5:EFA7F2BE0D78290500250354A70DF1A5
                                                                                                                                                                          SHA1:9B120B02B9956EAF2F453F0C7E4C3693D26080AA
                                                                                                                                                                          SHA-256:9F39A16F86B26E6A6D92816FD89AE93477BE0853CE3D4472A9E86811F6AE9F0B
                                                                                                                                                                          SHA-512:999846F8DC5C42BFC08826BE6BACCA591A0A3B7FA59013F11B523118E5DC8851162C02D9BD926FC5342A975E44CB62A12D2FCCFF8BE8F23EE416411AF23BA043
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que rastreen sus actividades en Internet?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} garantiza la privacidad de su historial de b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea los v.nculos maliciosos en los resultados de sus b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ser. su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe las b.squedas seguras y privadas",.. SEARCH_TOAST_NO:"No, gracias"..}..//2CC7F7DE8FB2FB8F2D23DA93931DC7E74286D496627D3890C9B4F68A2E560E1C0D5F5C56A66878CF66A2D2B212647AE9774E5E623F37A5EE66A7CCEB1AE4153C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):925
                                                                                                                                                                          Entropy (8bit):5.5849308487806795
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyO9ZHhHmdks11jdHCajZyFK2jdHjd0Fmzjqrpo3FK2jdEDE/ZSUwIesOFsJzR:7HOvdHmdN1nnzmSiA74HcHy
                                                                                                                                                                          MD5:FC39A3F152024DBB756DB5AC6BDD5B62
                                                                                                                                                                          SHA1:72E644ADF19CF079367754BCFF0A82BA86549BC4
                                                                                                                                                                          SHA-256:A3DBC64103C0AC500B6B62EEAF56C5894E58A9FA4E27AD83AA8C6EA1F8E81FBA
                                                                                                                                                                          SHA-512:C0881795BD47A28E05D92E18DE50B627E1C1B3B5A78A892171E16894BCEB26EAAB0A31307E658DE0D08098E4791220283EFF18234671B7E0AD02CB2028B9F977
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que lo rastreen en l.nea?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene confidencial su historial de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea v.nculos maliciosos dentro de los resultados de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se convertir. en su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe B.squeda segura y privada",.. SEARCH_TOAST_NO:"No, gracias"..}..//3D2C0AE6485024CF92B23EB01DD8179A977718DA7F854638666EF61B95C62C645B7527A63372E0E6A3D037D38D349760A50A939A7549BB1C97F6A87F75B473A0++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):870
                                                                                                                                                                          Entropy (8bit):5.535887266500711
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOmciWozjdHJmavj+rUEpjdHjdXpvjm0QCojd6U9hZ/kTIzRiFbSYE+s8:7HOv7iWoCUEBJOhuTI9GM+B
                                                                                                                                                                          MD5:21F24F0372570F17FE9AB75F1331F96E
                                                                                                                                                                          SHA1:4E9F36786F379DA7580D7A515F14F8E2C00DA32E
                                                                                                                                                                          SHA-256:462D9A1E2301118CA7C6797F8F35BA39A28D0B3F3CE823A1DF80966F7DC4AAD2
                                                                                                                                                                          SHA-512:E92E938F6D54A2FEAC2DF49D6BBE5F8DE7B965F971D939F619BEC49E75C64D654405C792CDFE874E61A50AED0717D12A05DCCD0383ACADDA00A71E7D91D01B6F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Huolestuttaako seuranta verkossa?",.. SEARCH_TOAST_SUB_HEADING: "K.yt. DuckDuckGota yhdess. McAfeen kanssa.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGon yksityinen haku", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} takaa hakuhistoriasi yksityisyyden.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfeen suojattu haku", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} est.. haitalliset linkit hakutuloksista.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo valitaan oletushakukoneeksesi.",.. SEARCH_TOAST_YES: "Kokeile yksityist. ja suojattua hakua",.. SEARCH_TOAST_NO:"Ei kiitos"..}..//1EDE6C7C81D1A8A01496AC68C635E667AD8A61F644BC3A913F15C4BFB8E84A26ECC168874847DBE2868D8C7D920A9F3D80963B1D37C3A13EF9244022711295A0++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                          Entropy (8bit):5.52620674882107
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOZKM/Jvf1jdH+9kRjBjdHjd55wjq39M5vjdShWvw/jFeOBjgVfx:7HOvBRMkbb7Wvw/jFeqjWx
                                                                                                                                                                          MD5:A2425A5D97FB524D51ED0098C4944361
                                                                                                                                                                          SHA1:A603A364A603F22E0F36FB45483E1915C53599E9
                                                                                                                                                                          SHA-256:961FC9B98AD67E001A3D1B7020E18BA9A1D75BA3980C8209319740A98ABA338D
                                                                                                                                                                          SHA-512:C473FBC791B9CF58290AE27C9F0676B28EFB3D9FB9647B8C7A449238F0F3B1A1D10C9BFBDA2F38D2A5D0F5B4F712269366743B1D4F7A6D7686B3CE8FFBE8D6D7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Inquiet d'.tre surveill. en ligne?",.. SEARCH_TOAST_SUB_HEADING: "Utiliser DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche confidentielle DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} pr.serve la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloque les liens malveillants parmi les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo deviendra votre moteur de recherche . d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et confidentielle",.. SEARCH_TOAST_NO:"Non merci"..}..//3A18BBCCF24ADEA3BBEE07D7440F6C54FA3FCFD2263540CBBA07D56F6DC1F1FCA55B6A4F607DFBC09F28DF7DAA3BC3355085EA12D1FF32DEE2094E82EE204E0D++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):949
                                                                                                                                                                          Entropy (8bit):5.553229361376515
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOR04/yohvf1jdHUzhCSjm+MjdHjd55wjDDJ3tp5vjdG4kWYXF9owhBbhvUY5:7HOvVyoRAzhNwKTkWYcwh5Bd9js+MS
                                                                                                                                                                          MD5:EC0E360434D61628F708F117FCFA8AAE
                                                                                                                                                                          SHA1:4C30BE0D7C68CD08276012BBBBBB339A69E825A0
                                                                                                                                                                          SHA-256:1BDB727046B0D9DAFD819E9CCEB9480C496867B7ECC05D69B615B877F5E1B932
                                                                                                                                                                          SHA-512:4AB8B304EA0C638EBCCA9B09ABF82E6272DBC34F3D6BD6028063A9F74E4B5671C838B1EDBC12200A34D3FB633ACDE354732A0D0655E24DE9116C4BA0AB87EB12
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Vous avez peur d'.tre suivi en ligne.?",.. SEARCH_TOAST_SUB_HEADING: "Utilisez DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche priv.e DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "La {0} assure la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "La {0} bloque les liens malveillants dans les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo va devenir votre moteur de recherche par d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et priv.e",.. SEARCH_TOAST_NO:"Non, merci"..}..//08CFD540ABCCBB01C658146D9633E0AC86CBDF8D9850D902A10E7760ADB2A346DCA0DFE3EC0AF5D44DF80A9063794BF3986286A3AED347F647F4B89F26A2979E++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):931
                                                                                                                                                                          Entropy (8bit):5.602724631555376
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOXmRUFqyW+1jdHOhjsgv2jdHjd6D39hjpfzJujdXoBcBw1S9Ieziy95v:7HOv2iYT+0vBZflUZVzz9J
                                                                                                                                                                          MD5:30626AA664B4C8817732C3C47E91372B
                                                                                                                                                                          SHA1:52EC037B682AFD550BF832136B546931C40303C5
                                                                                                                                                                          SHA-256:833908A51251BFEA658A1EC3F4B6EF75AA72FCC7CE3832F7AEF6015C99394547
                                                                                                                                                                          SHA-512:F9A80716758B9BD8A2821110A653A9F3BCF765F9F703AFFBA234C14CC2A68260A5190AAD03F1E44734208F08CB180174E6DD909B30F1B56A591C73A0D709D864
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabrinuti ste oko pra.enja na internetu",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo s McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo privatno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} dr.i va.u povijest pretra.ivanja privatnom.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamjerne poveznice unutar rezultata pretra.ivanja.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. zadani alat za pretra.ivanje.",.. SEARCH_TOAST_YES: "Isprobajte privatno i sigurno pretra.ivanje",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//7FCF789AE4D975F2BC9B78540C9A897CFDA71BE95818CF6FE1A9D223BED7B6058A8F29A238F0E08946805E22692736613AFF078418554484EBA70DEEA0B498FE++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):989
                                                                                                                                                                          Entropy (8bit):5.713237710998534
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOaC24TjrjdHGSHBjXllzFrYjdHjd8dHBjzEfCsbV0kjdUcjaSC65dGE76U87:7HOvaH6ESZzFddFE8dTadv6U8bZdyYn
                                                                                                                                                                          MD5:CCA7BB471FD815B5B22F69B9BECD669D
                                                                                                                                                                          SHA1:EB434E3936FE8479B15E2300BBDFB118812D181A
                                                                                                                                                                          SHA-256:70B3B929106A75E25C7E4212E5919DC9C099FC5C19BC8D025758B02E0F595CB6
                                                                                                                                                                          SHA-512:E332C5FB88FBAA4556FA658BBFBA5C21F6A1E427F624A7BDE74D5593D076B44B94343592C4EEE8C95C6063DC376F38F928EFD753A5597479E7AF093B3FED4274
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Agg.dik, hogy k.vetik online?",.. SEARCH_TOAST_SUB_HEADING: "Haszn.lja a DuckDuckGo szolg.ltat.st a McAfee-vel.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo priv.t keres.s", .. SEARCH_TOAST_BULLET_NORMAL_1: "A {0} gondoskodik arr.l, hogy keres.si el.zm.nyei szem.lyesek maradjanak.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_BULLET_NORMAL_2: "A {0} blokkolja a keres.si tal.latok k.zt a rosszindulat. hivatkoz.sokat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "A DuckDuckGo lesz az .n alap.rtelmezett keres.motorja.",.. SEARCH_TOAST_YES: "A priv.t .s biztons.gos keres.s kipr.b.l.sa",.. SEARCH_TOAST_NO:"K.sz.n.m, nem"..}..//866BCE4F4124715994B9EFD585EB316B45D54DE9ABE229CF779B3D8C8D58073BF160A55F6082E6B912480BFCB46C93EB4C0E8391923A0149A3994CD4964DE267++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):886
                                                                                                                                                                          Entropy (8bit):5.455323924505363
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOfOMUUAR11jdHbFLjichFDojdHjd1TzjX+BbtAfpPjdEira8KF6wGysnnL/e:7HOvfa1fhFwTv+MfQiraewT6yt
                                                                                                                                                                          MD5:93C2A38A943F3FAC0C44C9809F113BD8
                                                                                                                                                                          SHA1:FB8254401C4155B7F4D535E0EB576C85B842334E
                                                                                                                                                                          SHA-256:BF0F6785F4FDDC680DDA874F9E1D4CFAB21ACBF8C301951266A2261B73CE7577
                                                                                                                                                                          SHA-512:A3AD58A7B5D4A8B404AAF85DA9FA9BB2012F196BF0E02564614F523380B2641D518F9FFF97029A2E882249FA8AA5D1897AAC157DEA37329C64FF74D5222B419F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Temi che le tue ricerche online vengano tracciate?",.. SEARCH_TOAST_SUB_HEADING: "Usa DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Ricerca privata DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene private le tue ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Ricerca sicura McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocca i link pericolosi nei risultati delle ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo sar. il tuo motore di ricerca predefinito.",.. SEARCH_TOAST_YES: "Prova la ricerca privata e sicura",.. SEARCH_TOAST_NO:"No, grazie"..}..//A7499B4C185993FBBD5EAB660B5FF8BDBD534CD3A3DF5CD855718A0CECBBD8BCF201CC03CB79D9CF5BE90100A515A299A20FD9DB258E3B507C970D75321A7E65++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1089
                                                                                                                                                                          Entropy (8bit):5.8955240087132745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HO+ok2PLDnWzuynP6aG3/jD9vEU0nWzAAH9rEmlFIGx+:CZPQiaG3/v9v39EGs
                                                                                                                                                                          MD5:DEFA627147C91E3C12C6004FC297D12E
                                                                                                                                                                          SHA1:851AACD95AB4DA0CCD004E3A4691BA32FFD13279
                                                                                                                                                                          SHA-256:18BF713D55F8C89E1107BFFB23E2F00020476A7E9C0CD70F2E2C8790D596D36E
                                                                                                                                                                          SHA-512:5349D2D7118A2DDC86B074667003FA05FBEF398CF1E5744DF424762886BAFD938A470705C964F05D19D9D4980F0488BC733E22E58FF23ABEC8ECD47792032D86
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".......................",.. SEARCH_TOAST_SUB_HEADING: "......... DuckDuckGo .........",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ...............", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "..... .... ...", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}............................", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...................",.. SEARCH_TOAST_YES: "....................",.. SEARCH_TOAST_NO:"..."..}..//7EEFF685C98A6C86E3375E6A00FE427BFA3FDA64E

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):961
                                                                                                                                                                          Entropy (8bit):5.986397871278456
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOVlzFX8YwOhLRjdH2Zvj0qSwjzjdHjdipvjZF3jlESzjdQecDhLpjCn+OHeOdo:7HOVsYwO9mpSP3REz59pe+hO1YhD
                                                                                                                                                                          MD5:14F347718FAD5752880CEC5B08DD3BED
                                                                                                                                                                          SHA1:35484FE06D5FB4444356C36B1480BA0B99F64809
                                                                                                                                                                          SHA-256:9129C0820EF0C58CEB174F14200B0AF9198596EF052FB4C07F5B135B7A5097D5
                                                                                                                                                                          SHA-512:CC866DFD0EC93DA0D84274FF403F888992496D99B9DCFE58EAB4F5CAEC223809F058E5CE5987FE7B1C5E9E9E189A9888ACB4DE815C373C50B6647BCE1C8A32F1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: "... ... ......?",.. SEARCH_TOAST_SUB_HEADING: "McAfee. .. DuckDuckGo. ... ....",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo .. .. .. ..", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}.(.) .. ... .... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee .. ..", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}.(.) .. .... .. ... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo. .. .. .... ......",.. SEARCH_TOAST_YES: ".... .... ... ...",.. SEARCH_TOAST_NO:"..."..}..//34D180B77E21B01CE282AC79BC2E23DB886233349B8F2600E275E3B920BE926B8D8EB6ABACB4199B931D4BA30EE47710C848A099860A916973F861A4576E134A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):845
                                                                                                                                                                          Entropy (8bit):5.5416390947886915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyORW/G1jdHMLBj+WjdHjda+jns4jdHnfUMX4MFPYTDv86I:7HOvmGAL4mnfoMFwU6I
                                                                                                                                                                          MD5:015DD8385BAA2A703041AC3DB5E90989
                                                                                                                                                                          SHA1:78D5BE1D58951E70A8F97F347A4658FD929E76EA
                                                                                                                                                                          SHA-256:8D193A110819F6C2F759694AF67346E981884F32A332CE310422AD6056D518F5
                                                                                                                                                                          SHA-512:98405C01D5D3C6AFD07F821145BB7B4EBF1D14F7984CBB8AD83FCFAE39BA3FA23C263BE38A9D4951127FDBBF49461BDD16E4C8F5EDD55CC0E536E5B600D1F8D5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du redd for at du blir sporet p. nettet?",.. SEARCH_TOAST_SUB_HEADING: "Bruk DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} holder s.keloggen din privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikkert s.k", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkerer skadelige koblinger i s.keresultatene.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo blir standard s.kemotor.",.. SEARCH_TOAST_YES: "Pr.v Privat og sikkert s.k",.. SEARCH_TOAST_NO:"Nei takk"..}..//A3C20748E79E79060337391538E8AFB06542F14EA9687EFA410B6672B2C5A44CD6EFA8086A3E3A887A23EA0208E6CC59DCECE178755F9EAC4498A6BD3B4C3A15++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):872
                                                                                                                                                                          Entropy (8bit):5.575280179937842
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOEKAQ1jdHcxRVjWw5KAjdHjdJMyVXjjvc6jdAYy0IYywQsHLFLdGvWsn:7HOvEPQCRsFCZ6dwQgnCWsn
                                                                                                                                                                          MD5:4AE3B6469961C258E33B47F2CB59106C
                                                                                                                                                                          SHA1:8F06FD4DF1F7C972F9DC239768CA24378EB2BD1A
                                                                                                                                                                          SHA-256:46BEB4D3A922BA7A94846607208F461EAD79C91DB1005D98E2AF117A7F360B56
                                                                                                                                                                          SHA-512:7C3366AB4220E3DFFDC13BC68F5CDCD91F39E28E44978827A584E63C6C8311918140276B01A5F237CDE18A8BDCCE89D05250224C8B1C928302C4A8673AE38FD2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Wilt u niet online worden gevolgd?",.. SEARCH_TOAST_SUB_HEADING: "Gebruik DuckDuckGo met McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Priv. zoeken met DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} houdt uw zoekgeschiedenis priv..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkeert schadelijke links in zoekresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wordt uw standaard zoekmachine.",.. SEARCH_TOAST_YES: "Probeer Priv. zoeken en Beveiligd zoeken",.. SEARCH_TOAST_NO:"Nee, bedankt"..}..//10DDB4C652C040546E705001ED34439514CEA3E569EEB41B46DD67684BF4DC190BE125EE61087D8A8454C84109337C1D65B1F74668B7248BB6BA7CA344475A89++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                          Entropy (8bit):5.751602836444056
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyO7RR9AOx1jdHZ3LPjgnH8co3L/ujdHjdJ+ot3LwjNIg/Q3L/ujdEv3X2WJty:7HOv7riOxBHc8doB0k/fX2eB1W1oIr
                                                                                                                                                                          MD5:8E26BF7C12E07F410042FD9407770BF2
                                                                                                                                                                          SHA1:BEFAE78976B7F10569F41D2ECE33FD0447241BD4
                                                                                                                                                                          SHA-256:014C2194DA2357B03ADD7A350D38F8E9F72D0AC570349D05A0EBF201A64F5CC4
                                                                                                                                                                          SHA-512:5E185E487D4B3C11900E8B9D9536C9AD688C8ED27FA1A1DF7F86FED258972EF999E5EEA74154A53D7CFE0225EB58CF7CCF47ECDCC164392C1B609B791CDEDBC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Obawiasz si. .ledzenia online?",.. SEARCH_TOAST_SUB_HEADING: "U.yj przegl.darki DuckDuckGo z produktem McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Prywatne wyszukiwanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "Przegl.darka {0} zachowuje prywatno.. historii wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "Przegl.darka {0} blokuje z.o.liwe ..cza w wynikach wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo stanie si. domy.ln. wyszukiwark..",.. SEARCH_TOAST_YES: "Wypr.buj prywatne i bezpieczne wyszukiwanie",.. SEARCH_TOAST_NO:"Nie, dzi.kuj."..}..//E03606EF8215952BB9F638478B67D9C6747E55499DE3441D7704CA699722694ED368ABD0AC39472B680766D43E11B63B1436A4CC0A2B6C64E30D91657E383E0F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):905
                                                                                                                                                                          Entropy (8bit):5.557943167508346
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOamduRsK1jdHMLBjSHajdHjd2OtFcjq/C9yd+WFujdEiXGunNwDFPGtjSXXO:7HOvam9KALhB60FDYnNsPGWi
                                                                                                                                                                          MD5:C0E235A82F47A50A456ECF4725749CA1
                                                                                                                                                                          SHA1:110FD8EE366CD684E250BE399D2213BAB532BE2C
                                                                                                                                                                          SHA-256:BE0282812978AB1FBEE24080F9F342FF97772C41C4F130C5B9B03F8D9AF5ADD3
                                                                                                                                                                          SHA-512:EA732ED8345245923AD0C0CA79EEF6E6E198F3F82EC490751E8D4D8720A2AACFCD4C2F1349CAD51E749322CA57AA3DAE9BFDCA72170AC343386BC7994581DEFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Preocupado com ser rastreado online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m seu hist.rico de pesquisa em privacidade.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia links maliciosos nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se tornar. seu mecanismo de pesquisa padr.o.",.. SEARCH_TOAST_YES: "Experimente pesquisas privadas e seguras",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//6B7AE701F838F08D676057D561B3DE5CA4B48101AEAD7466F557A1B351ED31F5644BD5068060D6B20238464CDB3CAD1DECA2902CBD400B27BE980F2BFB00C5DD++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):949
                                                                                                                                                                          Entropy (8bit):5.57686809243626
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOwON2GFfK1jdHcwOFoSjPH5jdHjd2OtFcjq/CGMoujdvIjmg57IIePGtjMRQ:7HOvwONFFfKEG+B6Ur5wPGSRvT5T3e
                                                                                                                                                                          MD5:E7C848CC8BEC0EC6FC7D81A2B790B7BC
                                                                                                                                                                          SHA1:DE0AD53FD818B388BA8656D4CDEC72B5489568BA
                                                                                                                                                                          SHA-256:A75ABDD5C74CA29B64E087B5FEEE9EA67DD7BA0A9F88609D225EE95B0E8AD8BC
                                                                                                                                                                          SHA-512:FC3AB831CE6375B778E83860B3D96F3CA11262B883DEEEFC66B55CB13FDD92272011CC378C7EEC01DEB1BE32B0A4E31F96DFC0FF833B808B1643C79AB993520C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Est. preocupado com a possibilidade de ser monitorizado online?",.. SEARCH_TOAST_SUB_HEADING: "Utilize o DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Pesquisa privada do DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m o seu hist.rico de pesquisa privado.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia liga..es maliciosas nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "O DuckDuckGo vai tornar-se o seu motor de pesquisa predefinido.",.. SEARCH_TOAST_YES: "Experimente a Pesquisa segura e privada",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//DB4E124205BE5E52D854D8513D6A5C19DC939BA164EF1B591E98E6EC6A2B74BBE48397D7F59069967AF6C8D8CA06312BA5AA04CF76FAA944A677AF782641D530++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1248
                                                                                                                                                                          Entropy (8bit):5.455304470642038
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HOvEzOMHAIonuRIovfPFt5rNlvytaiSAF+RQX/XJfzi+HtrXW:CvEK6AuLfPFPfvyciSAFffJ2+Htrm
                                                                                                                                                                          MD5:E285DD50E8492E68D9879BEFF16C24C3
                                                                                                                                                                          SHA1:573D97F2752D3B185D88BA1B22F01A838406D03E
                                                                                                                                                                          SHA-256:B8CFF6506B014BF2F33CEBD2213B6F187DC984D888C93A2632588729E795651B
                                                                                                                                                                          SHA-512:CE0947867FF21B9AE3D89CF05F3BD5373EDDF4D909410A54C5D186B3E54F1AF5BDE8C929B277AE9CC86A4663276390740E79A7487C52D6A5190000770B767988
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "............ .. ...... ............ ...... . .........?",.. SEARCH_TOAST_SUB_HEADING: "........... DuckDuckGo ... ......... McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "................ ..... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ......... .................. ...... ..... ....... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......... ..... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} ......... ........... ...... . ........... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...... ..... ......... ........ .. ..........",.. SEARCH_TOAST_YES: ".......... .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                          Entropy (8bit):5.802499279139034
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOuKOG811jdHvXjy9RDujdHjdVlj6cKj/ujdDEmy9g72ckfDKeN3QV+D6O:7HOvuKp81rOOI7jRN9Y2ckfDV3Qcp
                                                                                                                                                                          MD5:74BD8CFC00F8CDF39E5C2372676467BA
                                                                                                                                                                          SHA1:2D9685E03CF4FC928B52B7215108213B8EB1E930
                                                                                                                                                                          SHA-256:5BBE2B57EA87C658089B32230959554EF02AB6E3C56C90215D52D208877A1EE1
                                                                                                                                                                          SHA-512:81E59973DCA8419D7CF03383B066068311DE19A15B6AE88AF9266236D2171F0F7D9120488DCF077061A7389255EBF7E318B6EBD21D248BA7585519D1E59F3F69
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Ob.vate sa, .e v.s niekto sleduje?",.. SEARCH_TOAST_SUB_HEADING: "Prehliadajte pomocou DuckDuckGo s.ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonymn. prehliadanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zabezpe.uje va.u hist.riu vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy vo v.sledkoch vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude predvolen.m vyh.ad.vac.m n.strojom.",.. SEARCH_TOAST_YES: "Vysk..ajte s.kromn. a.zabezpe.en. vyh.ad.vanie",.. SEARCH_TOAST_NO:"Nie, .akujem"..}..//796B067838DC6674E8B3E2A13540570175B9C6A0A28D9AF3D02A2B321560852FA40D85B15B0F1B1C06E3278ED1E1694C75E1001DA6CC7D19FEDA5131127BE339++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):899
                                                                                                                                                                          Entropy (8bit):5.611279847020601
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyO5bp57xqyeE1jdHqj81jXjdHjdSjqQf7jdXoBSLgOYk/fhpNBmjcu4GTy:7HOv5rcsh1jlQfddLj//ij+
                                                                                                                                                                          MD5:553C67EE6AA012C0070A022A9789BAB4
                                                                                                                                                                          SHA1:E93AA806D9B73A6A08429D78590ABF2C334C33F0
                                                                                                                                                                          SHA-256:14DE1BB65D9A9DE1273C6D1AD14B686EAA2496A89D9B443062BEFCD6DB733BAB
                                                                                                                                                                          SHA-512:12E05FEBF3FD17C80379D39E5C4C6C741D07A7C519C44656E6E04DB45104C82CFE7C18FEF39C8B1C7BE5D3CA5B2152DFDBCD41732C150AB624A13950EBF21574
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Brinete da ste pra.eni na mre.i?",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo uz McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo pretraga uz privatnost", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .uva privatnost va.e istorije pretrage", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamerne veze u rezultatima pretrage.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. podrazumevani pretra.iva..",.. SEARCH_TOAST_YES: "Isprobajte pretragu uz privatnost i bezbednost",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//E5BA3232DFEA9DC34195A10163F9DE28B68C3F0434B326B3CF281367E6B6375E8759F2E92C156014B4CD72A9F1FD87632CA601E766A0DB6BC9A719453C64F4FA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):855
                                                                                                                                                                          Entropy (8bit):5.62439385080059
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOP10P/1jdHgjNejdHjd6HjSEqNjdc+yJLzwd3IBzgCXa333yd:7HOvt0XKYEV+yJ/wFIl5
                                                                                                                                                                          MD5:7B3E55118C8CC897C81C1490E1592E78
                                                                                                                                                                          SHA1:C4EBC15A02738B4656D212288BF4038716540325
                                                                                                                                                                          SHA-256:4B1F5D7EF73AE33F1ADD3A93A7854812CDA70AC4A54D0FB37C4563ACB6E2E97F
                                                                                                                                                                          SHA-512:B634317227FDE4B5888D6AFFF4A5D2172CA4080FF69E7ECFA176D3525F213A8DC1654EFA2920D9775BDE223AE72C9C525128427648F1841E834CAEF6783B262B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".r du orolig .ver att bli sp.rad online?",.. SEARCH_TOAST_SUB_HEADING: "Anv.nd DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Privat s.kning", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} h.ller s.khistoriken privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee s.ker s.kning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blockerar skadliga l.nkar i s.kresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo kommer bli standards.kmotorn.",.. SEARCH_TOAST_YES: "Testa privat och s.ker s.kning",.. SEARCH_TOAST_NO:"Nej tack"..}..//40420EE3C4957B88336546C5E19F3833F71175BE18E14ADD7D684C61E27AD71E5D19939A6054238013FC1D23DC2B419904C4E6F572CE6E7AB1C591750FEA0055++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):907
                                                                                                                                                                          Entropy (8bit):5.66545534231225
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOb0kPX0jdHCZjHvLWjdHjdatBjQ8JI3chAjdKlaUAcYQHcnT5O9a1J6:7HOvb023vLrubY/YQyTD6
                                                                                                                                                                          MD5:824195E8529D49CE8DBB45AF8A4526B7
                                                                                                                                                                          SHA1:21652581D0B81873FCCF951656526E34373879FD
                                                                                                                                                                          SHA-256:5CA38765F950A69CFFF388F8151FC642D492AE6105B208C5D8712F00DA38A62E
                                                                                                                                                                          SHA-512:6C54DB399DCD21B2C88E0A5D1A0AD8A8DA46CFCC2648A736D8F9DB67AE28C252872DDFD4AAE06E571804B936050478189DA7E0D434EB450D7D07B5BBD3FBC1CA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".evrimi.iyken izlendi.inizi mi d...n.yorsunuz?",.. SEARCH_TOAST_SUB_HEADING: "McAfee ile DuckDuckGo kullan.n.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Gizli Arama", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} arama ge.mi.inizi gizli tutar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} arama sonu.lar.ndaki k.t. niyetli ba.lant.lar. engeller.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo varsay.lan arama motorunuz olacakt.r.",.. SEARCH_TOAST_YES: "Gizli ve G.venli Arama'y. Deneyin",.. SEARCH_TOAST_NO:"Hay.r, te.ekk.rler"..}..//ED3B53EA73DDCCBB6789F16FCD0D2DFFFD3FE2E4A30029C5B00A24CD64D5C574BB6EE5D9FED833AAD6C56E2D369EF0111C878F8C4CCF2C21975FBD6D5CDEBD46++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                          Entropy (8bit):6.110407142276801
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HO+9p0jdH4Ly0jJwCjdHjdOZLy0j2u1AjdKeNygHChN3LUic3iIg4AVGTjaWC:7HO2Lyyw5LyHf8gHyLlc3lg4Asal
                                                                                                                                                                          MD5:A39B6756E0010C6EBCD6EACA04DA6CC0
                                                                                                                                                                          SHA1:9F1127CF76AD978B9B0DB35B1D79B08C7C683796
                                                                                                                                                                          SHA-256:548868E3D9A6594B8D09D343283F72BDB362B051BE1D5EB8265C2DA8F75735EB
                                                                                                                                                                          SHA-512:F9EAE08DD1815EE5296A63C4CD83B664B2936EF710E167278F37A32F2FA50F4A528462721A657FD240832348E1A238762B7E7C633E6CF05899771157AFABB038
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "........",.. SEARCH_TOAST_SUB_HEADING: "....... DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ....", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//B768A285DE0438C37B1EDEB07896374615C31BDD662914F3488856A3C0221F560B0F98EFC76CD03E2BCB009F39008F80EA0D7BD238DF5599E042099BAA882550++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):863
                                                                                                                                                                          Entropy (8bit):6.095775654474349
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HOyOOcMZGjdHMLBj8SC5jdHjdtjkYjd/eBAM+bCvieD6ijM:7HOvupLyFeF0mjM
                                                                                                                                                                          MD5:FD8E7E8D75FF63AD21740C9FCAC51E2A
                                                                                                                                                                          SHA1:2C05818D69258F6F1A88355453BBC774E93F8A2D
                                                                                                                                                                          SHA-256:191F5B43BDE8AC16BC8EB9F1066AEDDB946842515B0B6B3092DCE99D6E11FE32
                                                                                                                                                                          SHA-512:AF17FBD26DD80973BE49E85F823C2ACB147869CADFDFA218DF9EAAC37F14412B2FB18697088EF84C8C172B0CDD43CB358A4DC658F83BE97EE3616F015159CB3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".........",.. SEARCH_TOAST_SUB_HEADING: ".... DuckDuckGo . McAfee ..",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee ....", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}..............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//ED64C1C9AA14D2D938E79D24EEE6EFAA66AE3FD8D9E81D3E15A8C48791F0A4E78C142F1A77FA1F73D70C1F9354DED851C63C6901DB50FE640DAFD1479CD16818++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11879
                                                                                                                                                                          Entropy (8bit):5.001882854112839
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CBketuJEUrvtH9Ai5trhElBXXrhEN1QtfT6GQ:CBksuJEUrvNyi5tKBnkQVOGQ
                                                                                                                                                                          MD5:AA5032FE9B433362F30769BD096D16C7
                                                                                                                                                                          SHA1:B6359895A8A5914CC05F9F7B7B1E510C429F1661
                                                                                                                                                                          SHA-256:2A7ED01FF290E87AFB4675ACC8FF32280778C81AD25C179F64A43FD38E6839BA
                                                                                                                                                                          SHA-512:0A144DD1BCD81704CDCC86609A0DED08A1424BA46BBF7172A36BAECBA9737E03BFB8E71F61CC1F2F9772354579FFBAA80BDE22AC6707A3E8FDF215CF193BF2CE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ...........",.. SEARCH_TOAST_BODY_TEXT: "...... .. ......... ..... ... .... ....... ... .... ............. ........... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. SEARCH_TOAST_DONE: ".....",.. SEARCH_TOAST_HEADING_COMPLIANT: "... ......... ... ...... .........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6853
                                                                                                                                                                          Entropy (8bit):5.365114021792175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Ckl7LklkKuaz45DJMtR4fAgK0vQ8jwsClwJcv+ztBDABrBN9FC1WgjsRBva54Apw:CkWF+Uturjjj42tBABrFoUgOBixBC
                                                                                                                                                                          MD5:A9AE28A871D67DC424035B1B5480C270
                                                                                                                                                                          SHA1:AF7A82B156EB8A3B6E2BC9635DB280F50E3C5082
                                                                                                                                                                          SHA-256:746942A655E5D62BD2E029D11B258B3E96B7D1680ABEAE6A8F1A59468C2B580C
                                                                                                                                                                          SHA-512:548337D20CC57583532F8B8EABE28099BE823A96025E941B631E83CA4D3B73BD72F04918329F1623E056003DC589894BE693E5E7DF213130735358BA26C51F57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT: "Want to stay ahead of the bad guys with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn Secure Search on after I restart my browser.",.. SEARCH_TOAST_DONE: "Done",.. SEARCH_TOAST_HEADING_COMPLIANT: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Would you like to add Secure Search and stay ahead of the bad guys?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Yes, add Secure Search to my browser and change my default search to {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",.. SEARCH_ENGINE_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7166
                                                                                                                                                                          Entropy (8bit):5.357603886398829
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CikaW+DI24sA0etjy/gsjyw9FsBR52/MGSrZcUyxITK3mVa:CNL+DI23ktjy4sjyGeR5jKnOKWVa
                                                                                                                                                                          MD5:4397A9B4B554BAB39BBE68ED3BA2BD2B
                                                                                                                                                                          SHA1:03192E9FABA0C58FCC59713824E46B15D7908E24
                                                                                                                                                                          SHA-256:5D4F78273B484015A5DFED48702BA7A76E72FA8578F92B3054327C94A05FD0F6
                                                                                                                                                                          SHA-512:8269DCF69D7D80A02696EBFCA3A39DD81329A123DA89B8EC4050C8717A948DBF8A843DCFD584230D817D70D43247FE8271BFDD9B41742DADFB595FD542A970EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La b.squeda segura est. desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No dispones de la b.squeda segura, ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Quieres a.adir la b.squeda segura e ir un paso por delante de las amenazas?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., a.adir la b.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}.", // {

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6972
                                                                                                                                                                          Entropy (8bit):5.376904672149746
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:C7nHt6A2Av8eK1mD8OOtjvQxj4jJ5QXGfTB9j:C7nN6dABK4wOOtjvQxj4lomTB9j
                                                                                                                                                                          MD5:D54C78C828AC7E907D0DE01D76278840
                                                                                                                                                                          SHA1:7DF62B8D99ADDF743C952403523195016BFFD835
                                                                                                                                                                          SHA-256:3C19F889D8EBFA80240761F56A5B0EB3B1FDD3346F7BB006A930E5DFC3A426D8
                                                                                                                                                                          SHA-512:52FE5711DE39C279E0B8354BFA63427342592C5C814D92962FFF17E660104113831177A4CCB229CBA04C3D25946971C93A2D4502867E67B579746E62176E43D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No tienes B.squeda segura: ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Te gustar.a agregar B.squeda segura y adelantarte a los malos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., agregar B.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6713
                                                                                                                                                                          Entropy (8bit):5.4030553361914935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:Cf5VcSzQubYOrlY0XRMYSJd1VtHyYZN66mHyY4Xub3:CfWJXecJtlf6vl8ub3
                                                                                                                                                                          MD5:567891348CD10BB69D73E248E2D12237
                                                                                                                                                                          SHA1:1DE368EECC996DBF74FACD6588FA50FACEF04E6C
                                                                                                                                                                          SHA-256:D89F8683685322D343FA32AFD4613F39B8735AD2CDE701CC0C80ADDB775080B4
                                                                                                                                                                          SHA-512:0447A7258E4770AD6E6F340F6D2849F641FA781A15FFB8C94104FA8AA400FC136A971ACDD939E820E9A0CB1AD241BE0CF8FD00AA01E8C0F7AB6A8A6ADA2BF573
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis",.. SEARCH_TOAST_HEADING_COMPLIANT: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Haluatko lis.t. suojatun haun, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Kyll., haluan lis.t. suojatun haun selaimeeni ja muuttaa oletushakukoneeksi {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7707
                                                                                                                                                                          Entropy (8bit):5.338885548324864
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CNztZLR3dPCgbg0LUaJbQA1A/6yb2qz2KAnt/rF43U/HqBosOCA2FSUb:CB/CqQaKA1i64z27t/rF43U/KBosOCAW
                                                                                                                                                                          MD5:C91FA97BC47CA94BD6C68875C8A8B0A1
                                                                                                                                                                          SHA1:737F08638C981693587A61F3A218805241E82451
                                                                                                                                                                          SHA-256:D73FF4CE5A21E3E29EA0B01D1C459425F8ED0CB4F6CCCF8CAB62A85C38C3385A
                                                                                                                                                                          SHA-512:63C3579415079BB00FABC2C5C28A5CFFEF8E68D3CD15504B1773A99BD0ECB074DE3FF94A6F103590109644942D3B3158BAA3616C232722A3E0DE3AB3774B46C6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attention! La recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous d.jouer les escrocs en vous dotant d'un moyen de protection suppl.mentaire?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e une fois que j'aurai red.marr. mon navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attention! La recherche s.curis.e n'est pas install.e.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Souhaitez-vous installer la recherche s.curis.e afin de garder une longueur d'avance sur les escrocs du Web?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la recherche s.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7690
                                                                                                                                                                          Entropy (8bit):5.336020745326812
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CsERzSimDtBPs31a2/DMEopt+3eOpPZA2XYGAq6:CXFABPq1x8t+3HZA2IGAq6
                                                                                                                                                                          MD5:2066D7546C542C117ABAF0C8A41DF5F4
                                                                                                                                                                          SHA1:088CD3253EDC709DEBEEA36E3C8AA5608E6D6303
                                                                                                                                                                          SHA-256:329307B9AD2302509FC80955696657398B1302DEFBD76BB60252A67640121C86
                                                                                                                                                                          SHA-512:996FDEE8E54D8E4556013EEBB2CA35BC6D3D6065BE497426188576C38A199E5D3B66FFF7C67937AE7D5DAF6EEAEC41E9F04AC69D778E31E470524BF584AA6399
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Vous souhaitez une protection de recherche .volu.e qui vous mette . l'abri des utilisateurs malveillants.?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Voulez-vous ajouter la recherche s.curis.e et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la rech

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7046
                                                                                                                                                                          Entropy (8bit):5.489775216215936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:C1/oREn0Rscvuy66DERG9MCt9qU8FCjN9JPh9qU8F/9FYeP5en2uRpPpQAK:CxnifBE6t9z8FAN9H9z8FFeQm5DPyAK
                                                                                                                                                                          MD5:1565A7A1978A975F26098FB81B07F1C1
                                                                                                                                                                          SHA1:A13E0B13C03D23351ED175B6FBC6A5448CC929E7
                                                                                                                                                                          SHA-256:E895451E303339D1A40FAFFA01C19C4764628EFB445A8708DF88E7FB7223BC95
                                                                                                                                                                          SHA-512:600ABED4BB9F8A769D02D452CF663D73A7EC1CB28809512FDCC49D566E2F37299ADEF6B8C724B4C4BF688A3C636B694834EB261AB6A3930214D33511A2EE09F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite ostati nekoliko koraka ispred negativaca s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik.",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati sigurno pretra.ivanje i ostati ispred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodaj sigurno pretra.ivanje mojem pregledniku i promijeniti svoju zadanu pretragu na {0}.", // {0} SE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7496
                                                                                                                                                                          Entropy (8bit):5.5550712038218695
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CyQ0mXVpV8YYxZXThD71WnkWYtezBPwe49Fnmsv31B94+CgbH:CxFXV8YabLtaB4jXH4g7
                                                                                                                                                                          MD5:2541A18DFA2FFB6F7A3BFFEA83D43E4E
                                                                                                                                                                          SHA1:F8D1E10B525C5C5E031D2115752D34F8DBD0B695
                                                                                                                                                                          SHA-256:3DE501821EF401E88582D773E23F6DFDF2AFBF7A37228E1933D39BBCD362F152
                                                                                                                                                                          SHA-512:74F9002BC25097E5338650FDC26A6D83CF982A9CD44E21DDEBFD44B2083D4632D8E497B020101254C176223399D0B0A7AA704ADE05201A01688B9A4AB4E08078
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretne a rosszfi.k el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t.",.. SEARCH_TOAST_DONE: "K.sz",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Szeretn. hozz.adni a biztons.gos keres.st, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6908
                                                                                                                                                                          Entropy (8bit):5.237071715961501
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CNcefx5VArSHAmTy+rr0l2BJ07tpelslpeWy++WVHJN:CL5OpmOU0lCJ07tpiWp4sj
                                                                                                                                                                          MD5:B5D0988C65F589401FA7DBF19ED0280C
                                                                                                                                                                          SHA1:A85E366C54C63DEAAC0C3B6ED3C03E524BE9EF07
                                                                                                                                                                          SHA-256:764E8C4D86D570A15A34E2AAAABDCA5A1DF23C8DE98235A1A6657C1732B94443
                                                                                                                                                                          SHA-512:3611562555D7AAE024F336210286F375639E05A0848ECD869150AF844266D5F8039BE60F085C58D73DD6CDFA2EC2CBE7F0145F88519D8E9E61396487A63A02F8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi essere sempre un passo avanti rispetto ai malintenzionati, grazie a una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser.",.. SEARCH_TOAST_DONE: "Fine",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vuoi aggiungere la ricerca sicura e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., aggiungi la ricerca sicura al browser e imposta il motore di ricerca predefinito su {0}.", // {0} SEA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8147
                                                                                                                                                                          Entropy (8bit):5.846824348861508
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CPLfnSHyVfZ2H6EisoqNkij09yT4eKVX0fe66UqPJGNBcpIEdt4/L22XPJn4/799:CumbTi9Itk2s1EuSU8sJ7ny
                                                                                                                                                                          MD5:B1C564C9333C742497E5A9D3817CAC99
                                                                                                                                                                          SHA1:0020924D194D635F4A9AE0F6F669B51DC780128F
                                                                                                                                                                          SHA-256:3596EF93BF4488986B1A9B39F3C07523E72C40A85185600BE36A3054290E13BD
                                                                                                                                                                          SHA-512:3BB3A5088351D5E4919B4B86917FDCB43883E77F770322840A75103A99BD3C255A0E9CAD4BABF80975420F3156627BD4A3A9912D7D9E3662B3635AF5D46D6A35
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................",.. SEARCH_TOAST_BODY_TEXT: ".........................",.. SEARCH_TOAST_OPTION: ".................. ...........",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".... ........................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".................. ...........",.. SEARCH_TOAST_OPTION_COMPLIANT: "........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7384
                                                                                                                                                                          Entropy (8bit):5.93260103930681
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CIfSwAbRpdRzltRSN79FIt4khpJAk/NzfH/:CIawKtRSNp1k+YDf
                                                                                                                                                                          MD5:A4007E048251B6D27DA1B76343BFF6E9
                                                                                                                                                                          SHA1:BC4042BEBAE991640DF7A832F6F48558151E1B53
                                                                                                                                                                          SHA-256:033188FBD5D83097F66C856F4DED8D9BE5B03439ACD072587BD21EF24206CF5A
                                                                                                                                                                          SHA-512:EF99DF808B68F4298EEAA306B36763324A18612CCBDC9D05DB76945EDFEFD652DFBBEC6B88D542B3B3966591712E3036E8D93E2A93350AC37BB4ECFB7BCB3EE2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: ".. .. ..... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: ".. .. ... .. .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".. ... .... ... .. ........?",.. SEARCH_TOAST_OPTION_COMPLIANT: "., .. ... . ..... .... .. ... {0}(.). ......", // {0} SEARCH_TOAST_*.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6835
                                                                                                                                                                          Entropy (8bit):5.392606150649136
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CKrYAXY8c4VteYFB8K3ueYFYRbyLXKFK4MwJ:CNGY8VVt7FB8K3u7F6yLXKFK7wJ
                                                                                                                                                                          MD5:079E49705B1F2786068AEAF22E68DD3B
                                                                                                                                                                          SHA1:BFFEBBB258DB9B0731CC72C494C93E8827ABC9C5
                                                                                                                                                                          SHA-256:CF8757AD22A8E4BE81F939351FCAC8DCB331A56EFD733EBF6DBE5935CF1CDB63
                                                                                                                                                                          SHA-512:276DF6AA234BF65FCC5809F1AD31BBFAA41C9F107CC13EEC659979EF76AC8E1BBDE43B63202B656FBB7FEDDFCBF8DD2EB154903CFBD1DF080BF6E56A8730A54B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du ha et forsprang p. skurkene med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. SEARCH_TOAST_DONE: "Fullf.rt",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke Sikkert s.k . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du legge til Sikkert s.k for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, legg til Sikkert s.k i nettleseren min og endre standard s.kemotor til {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Y

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6746
                                                                                                                                                                          Entropy (8bit):5.350952933198646
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CHSyoqPxfaPVFJ1bshox+a3uz27w8iLt9ls3cLt3CPiMWbW3pDLrFvn:C2J4jtjbSLBh
                                                                                                                                                                          MD5:887A6B30FCDB774C89BB8A96CC48C50F
                                                                                                                                                                          SHA1:730511C363199AA4926106B8A7E184B7F0B7674C
                                                                                                                                                                          SHA-256:0C05174E2379824B0E43722D5018D5FF8A2F3317C8D4CBD13AA794BE096635E1
                                                                                                                                                                          SHA-512:0EF5FE0389BF621D262CBB12A4BF70EBCDE8F0441748FF325AAFEF3FB03224AAE0FC14629B5374803C2F7E479133AEA39E7E280BB20CFB835E7CADF88A00323F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u de criminelen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed",.. SEARCH_TOAST_HEADING_COMPLIANT: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Wilt u Beveiligd zoeken toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, voeg Beveiligd zoeken toe aan mijn browser en verander mijn standaardzoekmachine in {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7048
                                                                                                                                                                          Entropy (8bit):5.61243549683091
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:Cp4EhuYbEvbH2jQWjlykLbLJLA1keuRgR1kv6z+tU9k8ir+IQB1y0g8CmYrvBjy/:Cp4EhuYbEvbH4QWjlykbpA1keuRk1kvI
                                                                                                                                                                          MD5:3B5FD528D7C629BE69E4801E505F90B4
                                                                                                                                                                          SHA1:9D14001C9EE9AC45BEB54FC9F931E0784141F4A5
                                                                                                                                                                          SHA-256:95D02F5D8184C9B68EBD5FB47CD14FC96D7A984955D0B222807476D0F3A1BDD9
                                                                                                                                                                          SHA-512:5423AC1449EBFFDC64189F7A98D32E0507FE8C9B96C7B047572B689D1D68FCDF00FC47611709E3F83A8DE1B1AF399015A271EC4406AE90415A4885F40869702C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki.",.. SEARCH_TOAST_DONE: "Gotowe",.. SEARCH_TOAST_HEADING_COMPLIANT: "Uwaga, nie masz funkcji Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcesz doda. funkcj. bezpieczne wyszukiwanie do przegl.darki i uprzedzi. zagro.enia?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Tak, dodaj funkcj. bezpieczne wyszukiwanie do przegl.dark

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):662
                                                                                                                                                                          Entropy (8bit):5.7597397179634
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7Ha6F06FXOAdhcUbz4wpHyHK6IPHCTFad+d/LVqk8FCVkC:7HrLFOAdiIppSq6IPVsdiFCVkC
                                                                                                                                                                          MD5:9333738A73E36A2E269613A1D018210A
                                                                                                                                                                          SHA1:E0A71E913C575269C4BF44DFF74C817988EC2948
                                                                                                                                                                          SHA-256:A0581EFA5908137F14713CCE144FFD986A31FBD8C32AF3E5F6D34401175C9EDC
                                                                                                                                                                          SHA-512:6F032E00C9F0EDAC5148B31732A6B172A121BD9B5F33EA8C8A5BF2D16B0BE49932C613AFFD6B749B2EA57166395D78BADD4842CD99EEEFBFACD0E8F8D4BDF05F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed hrozbami?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//E48885A4089C191F17100BFDF7E33E8198F4142B426AAC5DF923BCCF6590D0F6279F27D9A11B08236B5118D8F28E829298EA8155238D1AC065DDC6B95F2F396A++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):591
                                                                                                                                                                          Entropy (8bit):5.556587769890555
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H0Qs8HQMHQs8f2aw5VL0bdhPLjWR8exSYjnYBN:7Hfs49wsC2aw5t0bdhWR5xS8nGN
                                                                                                                                                                          MD5:5167EC440E9B60D834B74C163B466859
                                                                                                                                                                          SHA1:0315D48D553C4A01BBE37647C28359ADB1B96646
                                                                                                                                                                          SHA-256:53C7540204C5DBF54AF6590798A1CCCA6654E57669CD5B4DE19680C0615D3355
                                                                                                                                                                          SHA-512:CBA121F03DFC55DA30FE13CE5069C6540F77AAAF6141C57E554A765CDD73F8DE7E0A17AF2C71825F57E1A63F3C8A1E23667416A1AE6B7BFE05438AEDCE21940D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning markerer de potentielt farlige websteder i s.geresultaterne. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du have ekstra beskyttelse ved at g.re dine s.gninger mere sikre?",.. SEARCH_TOAST_OPTION: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren",.. SEARCH_TOAST_DONE: "F.rdig"..}..//DDDC93AEB7D34452F7BFAF7B5E3231C2B201649F331175338D56FDD10D545BEAAA636B8EC78589BCC470F535CB4606852AECABE9B7FFCE3B3713D68C8B9E4C69++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):626
                                                                                                                                                                          Entropy (8bit):5.46994588054159
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HV5hKfCvXCQtROXlU1dhIQvQA3yDYBGNJXJWWqEOVhsNR1f/0e:7HfhKf+X08dbCYgOPsh/9
                                                                                                                                                                          MD5:DE979FA93BF682A07CFEB46648C9AF02
                                                                                                                                                                          SHA1:D1A39737B02B215D09791B0D6DD4B72876F7B271
                                                                                                                                                                          SHA-256:216AD61CD811B087D5F040D8F0F4942488720CD73B9BF2E99B19DEAD84272B99
                                                                                                                                                                          SHA-512:DB5F1E657B6DC238FB3E10157F04BFE6D4B13AD88B16E0764BA9E7400F95DFAD6E72DB2F5A9102F7B4F60924342678620ED9A5EF1C2D88199D749D0D0C7D6E46
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wollen Sie mit zus.tzlichem Suchschutz Bedrohungen immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig"..}..//781BDE4AF95A67F6BF08097C19686398C7BA776D0B20431C0E4C6F45D4D53F251BF9EFBDFDD2D3EA8503B1454611F007F0DB96A6F43145B24D1298F03A4C6042++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):966
                                                                                                                                                                          Entropy (8bit):5.129622769173818
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HzMnpI0MXLr28dNWGmr3/TaMTyN/lPmv:SS268drb0le
                                                                                                                                                                          MD5:5289448506816447D15EB62E8D3A8EAC
                                                                                                                                                                          SHA1:C8E57B7F43E7E5C08CF284AF19BE25EBE9B75291
                                                                                                                                                                          SHA-256:BB50893CE6A58CE3C156E6D8D487A6BC33C42436A56B91D7161B1F4A15DAEF85
                                                                                                                                                                          SHA-512:CEE8BFEBC544BF151FC31DC0E4C4F2336BC316768E650A3BFAC748CBB08D3E8E65F4CB45D924385A980D569957FF6F772AC700DA559A794969C6D449491B7D61
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ........... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .. ......... ..... ... .... ....... ... ... ....... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ..........",.. SEARCH_TOAST_DONE: "....."..}..//8ABC4EE494806AF244C67B673221383B313197DEC7804C5994E3EE2559C39528AA1CF76351E2690EF191B60E3D0229D70191E3D8DEB7AE8D58EFF26C225FA970++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):546
                                                                                                                                                                          Entropy (8bit):5.438478026475485
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H4HIWFH3npSuVJTsdhIEfRXK9m/NaU/KPEOHVagBjFDh7h:7H4NXpSuVJTsdjfRXKIVaYmrvDj
                                                                                                                                                                          MD5:50B27F1859C737418F3B8FAD6C60CCFA
                                                                                                                                                                          SHA1:6D9C0A1CF778F05725D8A0BA475CB76B13A05F28
                                                                                                                                                                          SHA-256:08F32499383319ABD3D2E60BFAAF9D633485F6DBE7FE922BD25A68AFBD148970
                                                                                                                                                                          SHA-512:0C3695585CEF7784CEA76E4BFB52B45FF37B5CC545A43A0C93B8836C2108CD94679E75A9DC8E2459FFFEDBC45BA014D99FB3EB01D349411BBE66A2ECD6D2381E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Want to stay ahead of threats with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn on Secure Search after I restart my browser",.. SEARCH_TOAST_DONE: "Done"..}..//96EA14B58D06EA6D292E6EA56AC3DF0134F3F980FB5B5BC318F194D697843105615D3F4A1F7CD553206D0EE9E4F050AAF106A37E03FADE5B02133515F63052E6++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):621
                                                                                                                                                                          Entropy (8bit):5.538926666499625
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H1b6YjvHDkYdhDOnKjHZ/QC5MHYRczhbuUKsyD9:7HRHDkYdQneZ/7kYR+hbuUKbp
                                                                                                                                                                          MD5:ADCAADDD4131E780BFB6216607B155D1
                                                                                                                                                                          SHA1:2608554A423B6296461791A3ABC99B2DB6913AB7
                                                                                                                                                                          SHA-256:4D844C78842DE6FDC2C6BBA282041EE5EF0F18B20858012932AE20DDF3A64F28
                                                                                                                                                                          SHA-512:A09968BBBA5D66D9609E459D59851FFD15FA03E88D8797C7C1075DADE03B1C4F524001FC96511F9B6744A2277277D5D96A082BEE47AE9DBDB31A1ADF0C16776F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura est. desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura filtra los sitios web peligrosos en los resultados de sus b.squedas. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quiere ir un paso por delante de las amenazas con una protecci.n extra en sus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//F46FDE9F2473302E649EF27D6C28A0E0041CE6A60D7CCB2D2771B200C5968A158335280F63E8BC7DB3CE8576CE3F91251CE28338FA32F9A1DD7EB0CF8E9FF50F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):590
                                                                                                                                                                          Entropy (8bit):5.555932938953374
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7Heaf6Yrsi5KD/DdhDybH62P5MHrS2Rboo2SWQYJ:7HdLsiUDLd0rXPkm2RkZQYJ
                                                                                                                                                                          MD5:4D299AD9C33AE5F7221ACDFC6D8CB419
                                                                                                                                                                          SHA1:B5B1F34175D9C2882D809550255E3E9258D71E85
                                                                                                                                                                          SHA-256:06E8763D1A79C0B2F31C3A2D4CDE04A7264B96D497B1C8CFE652171B79832FA3
                                                                                                                                                                          SHA-512:C8A02922341E3C8ED158B8AE8944518F6C0C7625C50A166E15BF756ECD45D0387AD068DFED5F39750B2E22959CA3966B32577F3F7E47544D7F059E3E2B896DC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de sitios peligrosos en los resultados de b.squeda. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quieres adelantarte a las amenazas con protecci.n de b.squeda extra?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de que reinicie mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//F440553795D258CCD308C658E9E482E26720C16D38545458B05A2275CA943DCD179AFA03B7F44DC10B92C6B0CEB55D49F6771F151D4637EE37B731C4DAAF1626++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):594
                                                                                                                                                                          Entropy (8bit):5.551685954662295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HpBjkIHMjpJNnddhFyXLcE6P8ljSy3FJHzWLSl3iWSf/m:7HpBBHsNnddeXInP8lmSFcLSlZ
                                                                                                                                                                          MD5:DC9F54AA3F300ECF790AA92628D3CF77
                                                                                                                                                                          SHA1:78077A363E5A448FA3230165D854804FEBE4572F
                                                                                                                                                                          SHA-256:8540FB93344738BBF71D19DF09AABF8E3B90D57D42C5AAF109DE94FA2134E718
                                                                                                                                                                          SHA-512:3CB6041A0E30126260F33D15D76B1EF0C87F1EEDD6C1AD698303649EC8AB40E2BF06FAF152DA51779372BF29B9B2E5EE9A609D296E754403B58B10A20F62A2D1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Haluatko pysy. askeleen edell. ja hankkia lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis"..}..//E0D86E5CD809B5C76CAF04F121AC8F615738D596AA4B00EB31DF24B6F439A32589C889436CC92F341F0D734F1A6B9F599E51EE29340A78CF96A14EAA1BCEB47C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):619
                                                                                                                                                                          Entropy (8bit):5.449837640437659
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7He5LuGrtBdhLjwQ8SlK3woEEn9CPOPuUiF9WJ/:7He5LustBd5wwlK3/Ea9yNcx
                                                                                                                                                                          MD5:8C2B50C751DEC6FE68104B2C3B785B7A
                                                                                                                                                                          SHA1:50630ED37996EACA21174B22A6D2D59A74C8B7F6
                                                                                                                                                                          SHA-256:3368ADDB6B95C9301EEE6497048A89A933483C1172E5A32B18638EE38B0520E9
                                                                                                                                                                          SHA-512:53C318367BF41D965C06B96FDB68E7E2D5F525FB24F7181F90420A38591F78596A2915E30924D34D17A06103120623473CEA6F6DF04286FF292A6A6E4D78C99D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous aimeriez garder les menaces . distance avec une s.curit. de recherche accrue?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e quand je relancerai mon navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//B009D31CB7307E982854F17EE84129B416280262293434696F0EC516C681FEFBAED83BBF71D228F4BBB9D3D0DA0906E77C9126C5469A71278BBC65225974E220++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):654
                                                                                                                                                                          Entropy (8bit):5.46466082595575
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HQ7vJmt/5Tdh0tTdQzFOQ8S4NKXzH6jctqVdD/9VXIHc3Z:7HQ7vJmtJdWtTOpKNKXb6BdTnXCk
                                                                                                                                                                          MD5:C4CEA16F909889D02A6D6FFD1B8C6991
                                                                                                                                                                          SHA1:3A8E59632230494C41B6B0117F29DDE010E2FE0D
                                                                                                                                                                          SHA-256:1CC748BF272A659EBDEECB25EC29667AEF5B25B2330CA8007FF78846CBD2E8F1
                                                                                                                                                                          SHA-512:FC231DD995A2B87B962CF2DE13993539773B19F02CCC7767830A4925026C5249CEC29962B1F6F9B1B16596CB11BE32C2ECB2863E1BC9096FBF20387EDD87E376
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous souhaitez garder une longueur d'avance sur les menaces avec une protection de recherche .volu.e.?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e apr.s le red.marage du navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//EF49244BF3C7DDE9ACDF9BC3020BB15BE3BC2CD05AC5A92A4FEC7644E9C0DFBCD62E527E93FDCE507CB127EBAA8AE493F6BBC9D252A52B0509918367E2722E80++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):642
                                                                                                                                                                          Entropy (8bit):5.585450765906051
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HA+vZMuIg9s7sdhXNrY+Au1HQu8TPAu0TYa5MsLOETS+nh:7Hb2g2sdrkiQuI4uY5TLfXh
                                                                                                                                                                          MD5:96F9B117332775DC777AEA1F28DF2AC9
                                                                                                                                                                          SHA1:10459147C871654E4D02A70FA9403CFDA581CDAE
                                                                                                                                                                          SHA-256:89D45977D1D9E202C71A463E25F2F9B666EC2A27865FC90EDD5333BC89933AA4
                                                                                                                                                                          SHA-512:52863029F6B3CD736815B11CD2084204B3DD0EBA7E47E4D9F8A6871E4DB9060A29297723AC2CF83AAAC27442739F36678EF4C3A383F7CC733CA41508FF6470EF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite ostati nekoliko koraka ispred prijetnji s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik",.. SEARCH_TOAST_DONE: "Gotovo"..}..//9C25629FF501E6CC7B94A4DDE5E531A78015E9F3D4FE722BFDD1853C7D3DD896EC96C5B6FDB517894D93D277C1C3B5030B4FE425AEE3D13D846011D32B2B8BEB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):703
                                                                                                                                                                          Entropy (8bit):5.676694350972559
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HeBdauIvxgWeBdiituB7XcdhM2Frd0XR0WMruMYNSIt5d9XUL12k9GvZidIdhO:7HeBdauK0Bd5olXcdyiry1MSFNSEd6Lt
                                                                                                                                                                          MD5:69192E9A051F26059299D7C2C6976D27
                                                                                                                                                                          SHA1:6D671C3ABAEACA784FBBC1AFF1D3F1577A33B4D2
                                                                                                                                                                          SHA-256:24432A296BE079BD777340A34896779F48C551CA4F5B05DFBCB14D12023E94DA
                                                                                                                                                                          SHA-512:17B3FAE18DE06042AC2059C053B1DE7349CA3AA2312CC0FF6417470B59EC2EBBC56958A8C8D245CE1248E526C79089FCE149DE5B8D2ADEFC05235AC815DF7C9B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Szeretne egy l.p.ssel a fenyeget.sek el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t",.. SEARCH_TOAST_DONE: "K.sz"..}..//497F932EB94DBD0E3CAC90E1F5C8555A33B05DBA1B94A36FEC6679A11A6D3B1F0C9315C4CD195A9AD4F2F030802034637ACAF46752401120D845EC07950C25E0++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):591
                                                                                                                                                                          Entropy (8bit):5.416000828200279
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:qsXHYKsW+x+2uvch4pilrtAfaJMdFEhKDP+ku1xvVyvCxNA+EfHOXOR9WJ5CM+Kf:7HtDdilrtAfzdhDK1+aYfHTCc0p
                                                                                                                                                                          MD5:21A957C0D15BB12B2805B1C4522C48AD
                                                                                                                                                                          SHA1:E83CCE41EE4BB664C9D74CFCE64EF92D62D54D86
                                                                                                                                                                          SHA-256:709269085CD0B11E61E31EC958B501B3FE3FAD4ED05F41B0C783B25D674FF2A2
                                                                                                                                                                          SHA-512:0B30C962FCC110786E1D1D3D8D14E227EBC07AE8F47095670EFF3DC6289CD949927D7A296A871507608261D5805A907DEFDE2052488CB3B96368413C85B60A87
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura ti indica i siti rischiosi nei risultati della ricerca. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vuoi tenere alla larga le minacce con una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser",.. SEARCH_TOAST_DONE: "Fine"..}..//24CF2EE9582C3FC90BC13579DF4EE26C93E9AE00CA0DEB1681A4B680D060BEB0CD41AB07BC106FA3823793A1B6D12DE8114BD6A86CD84F6E19353D31C42E9621++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):640
                                                                                                                                                                          Entropy (8bit):5.963930964464233
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HUWisRqhWYcXYDkNWdhx8HWER9QilSh5RWmxISFvBYmuVz:7HUTOqvngUdcHbLZIrcl
                                                                                                                                                                          MD5:14DCA319A56B02209A671B6AB0756A36
                                                                                                                                                                          SHA1:3F2C2F8D426A3F76AF23E08CD29FD9362008E930
                                                                                                                                                                          SHA-256:8E86E62FEF7AB54030B887960B8EAFF54C5F313E9C0518E72658D08B34176F54
                                                                                                                                                                          SHA-512:2B877649D532476671B6B5FBCFD2B6366D827127E8862F30C7D6562457390F5FDCB8233BF0CF9AD7B4EB00FE63B7AFDB2355759B04D7097B8DBADFCDADF18F5D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................ {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".........................",.. SEARCH_TOAST_OPTION: ".................. ..........",.. SEARCH_TOAST_DONE: ".."..}..//0F1BD1D63E85EBF9FE85D4C40D0969D6A18DB1251B7A3F683DC8CE4F0CE1B41F84434B1EBDB1122FE31B6772B4F2903B620D557AB5D75BAA1F99117FC667E153++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):610
                                                                                                                                                                          Entropy (8bit):5.977686665492592
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HRgq8EDFj2FcdhkbQ2sIm8kATcVjPgU41Qco:7HvhEcd2BsIm8kgcVjPe6
                                                                                                                                                                          MD5:9F2BEA03FA9EF87DB13569F069B01DB9
                                                                                                                                                                          SHA1:C2831B7411DA27B00CEAA4CAED197FA419750B0D
                                                                                                                                                                          SHA-256:48BF5E2CEC6C8A31CDC47A1EF9840DE5B22392ED27F8990C1B840E95680A1209
                                                                                                                                                                          SHA-512:81E9B3B0EC9DFF52AA455BBF5C3C56BEC650EF0E46E4C41477C9267B669190A800DC73AE790605B2F0F6EAFFA5BC792F664FE043DC70CE5F1FC5C56296811905
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ...... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".. .. .. ... .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: ".."..}..//9209A02F6F8B503B7333FB2E90DD205B41E361BC5B69FC290CF3DB3956D1CF0FDF1CD91860A15C2A7E4380D018ECF7571851C36F971F65F7F7E8793BFDA006BC++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):571
                                                                                                                                                                          Entropy (8bit):5.585860981824038
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H0QhMHQjBUW4J9wdhPtkwxWsNW2/5U+kx:7HfhMwjIwdhywQsIekx
                                                                                                                                                                          MD5:B53A60627F2239B59F095A49D0A14730
                                                                                                                                                                          SHA1:16170A9EBC21DDE604D2A74A7C0AD73C5BE61A2C
                                                                                                                                                                          SHA-256:57758D0DFEF8D90CD7849AFA92436B365045EE9BC3C9FE6B97296D1FE6412DB9
                                                                                                                                                                          SHA-512:8C357A468C9E2BB30357AFBF1D087CA350CC3AACF8FEC1AE4557383C95CA956C7D5A5184E51256AFB9F6ED00DB609304DE6CD47ABF1F9CBC4D8C41700FD55BA9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna risikable omr.der i s.keresultatene. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du ha et forsprang p. trusler med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt",.. SEARCH_TOAST_DONE: "Fullf.rt"..}..//7F9E5EAF17E8F1227E38A25E7F41560CBDC6B83917451C99D91C302F756E574998F976B81D021A6C085BC16CFA7DE4402B3FF69F01E634FC5D624DFA1142ACEB++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):602
                                                                                                                                                                          Entropy (8bit):5.5121966627531975
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H7AySxXeOzOqodhIMLfcPkQkfM76FwUpWgnUAZ0n:7HzSxOBqodrLfccQkbFhpnU00
                                                                                                                                                                          MD5:CB36008F48B9A179465A060EFCF06732
                                                                                                                                                                          SHA1:8D19C2987F8D76C354EEF62B1DD82D2CD42C0554
                                                                                                                                                                          SHA-256:8697DDD7FABFDF87DD090ECAA453576156D3D1608FB2F6324F0458E468959EE9
                                                                                                                                                                          SHA-512:3B648C62108ACDE37B6530D3E6C3EABDCDFE61C7D9AE01EF7A2339DAC19091EDBAA34CC8F2D10D76A09A91F4A758946AE158E217E14BF3DB55B169F299E8D99B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wilt u bedreigingen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed"..}..//132213718FA4DF9769B65A174ABFF129686E878CCCD8731D3ABE1DFCDB37249461D3D4CC8CF53FB08FEB164B9BF36F11FD8A1DB41DA15A171B5C8FCA7DDC9A64++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):650
                                                                                                                                                                          Entropy (8bit):5.690654762493119
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HRmi53Lw8i53LE6PU3LOdhc1FKb3LCoPY3LcBt5tgR72RydAh:7HRZFuFIfSdi+jeoPMirt4hdAh
                                                                                                                                                                          MD5:A1299EC5C87CDA42A533F98B4709CEEC
                                                                                                                                                                          SHA1:0F5A70BC37D5A18FC0BE67146480526442F46754
                                                                                                                                                                          SHA-256:1CE435F5AC3E31BE513A8D5E477E29C565CFE517D39915BBABD16E174FACBC4E
                                                                                                                                                                          SHA-512:F27E15C8A8D14B422B5BAE18190E7CA7D43A31E36902FA6A2BC0CFFE115DA00A18F2E24B69C9C9202553BA56062EF30DD8A589F0C83E2F2D74489F3ABA81217C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki",.. SEARCH_TOAST_DONE: "Gotowe"..}..//E67C9266445775342EF456DE0EE29BC20391A6164632CE51169FC7BE3DBBFC90CC444FECD255F706B3D40040C67C9CFC3EB1921EBF77C48C144B0B210683843B++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):572
                                                                                                                                                                          Entropy (8bit):5.490201533592935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HcwalVTVGGWF/CdhEVMBoPcw7pVl9jy7/3tYJlXc5dJe:7Hu6F/CdGVMBoPcwXltSdJe
                                                                                                                                                                          MD5:BC5691977B799FA51CF593996451AB69
                                                                                                                                                                          SHA1:233C8407418012744DA1209EE67F8202C71C9461
                                                                                                                                                                          SHA-256:696A98D82BF176344F8A5C51F7FAB7768577DBA3B0044BD0CE17B366D1D89239
                                                                                                                                                                          SHA-512:F5E8F6A08F67725304A97B07C5B434A872CD2D3F6E97C8E05C17A35AE72E19CCBD4150EE1762FCB7C6D32A4ED74B37D25A3EF2BE2394D87AA364F6589FDB21CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Quer ficar longe das amea.as com prote..o extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a Pesquisa segura depois que o navegador for reiniciado",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//79810015A4CBBC4EDC91809446417CF31E2EEBFAABE5C1ABD28FC532801BEA817FE81C6A6FC0B7DC4D45BDBD002BFA5982061C0BCECA2D95769BD008875ABED1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):597
                                                                                                                                                                          Entropy (8bit):5.514344817447737
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HcQyVTuEcc3WhZ2dhvGUO9N7tOsKaLkdUHrqmJxgci+lQ:7HNlhZ2dRGUcNgsHLkWHrq6gciV
                                                                                                                                                                          MD5:94C713C34215464B32CE0DE2440C9B93
                                                                                                                                                                          SHA1:D2C87D10C4F0440EF1F1F5BFD56FE0424A5EF90D
                                                                                                                                                                          SHA-256:CBB75E0276216001C7860194D08977DE494CF87BB097AB6A3F328F9F9DDC3805
                                                                                                                                                                          SHA-512:543B990DFFA367EF7348990D65A22EAE1E0C194E313EBBB0B9D711F096712B73FB63843C9206F1E0C0AAA4379295F3DC8B52582791D050AFD66F0B58D2BFFA55
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa Segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura ajuda-o a evitar sites perigosos nos seus resultados de pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Pretende evitar as amea.as com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a Pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//47AF18EB50A5DA101FD7B34733F1DE8B29ED21DB70A1CD0B92FBD680CA348C221E681808F1125E9D689D7A8F51D09EBAE3E261D56B4227BC0FF82A2FC1478DF4++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):837
                                                                                                                                                                          Entropy (8bit):5.267015231290291
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7HYytHN6yt20qJNs2OSo7dL2IlIX2tCFe8SlJvA+wcnPx:8yNN6yJqjbOS6LiX2AKno+FnJ
                                                                                                                                                                          MD5:35A8D724FD8AF2C038A137DE5E6F19BA
                                                                                                                                                                          SHA1:36C5167BA9FF3B27D11C85486B2D37D94B76D9F0
                                                                                                                                                                          SHA-256:5A5CD1BA75B6732E814B548A74BA9FBE94D52E113EADF32B81E59C8BCA7AB55A
                                                                                                                                                                          SHA-512:BAF5CF10CD3D45AD0E041364BA126746263E9B246AE17F18FF4AC83BEA238A298AAB087FAB2DAEAD989BBD751B88EA997FD18D2DC11635802A490A57B25FEBE6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ....... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .......... .. ..... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......"..}..//A1A09546187493B2E905A31D9318DA8444D0CDD309883B15265B059E3BFA1622A835F4488CC4271089169A5BB96C639C117AF548738DF2B3F4FBA1B4028CD908++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):649
                                                                                                                                                                          Entropy (8bit):5.787021399501204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HLxCHLIOdhcUdOVzpG4kl9Uyc5DTS3Jn:7H9C0OdiSOVzpG4kXUyctTcJn
                                                                                                                                                                          MD5:C44D28237A6B757F95CE535CFEBFEDA7
                                                                                                                                                                          SHA1:B9EB40EB6B4F2EE30C9B96D65BFE4AA947FA408E
                                                                                                                                                                          SHA-256:1A83C1A9DC0ADBFE1E5DCCFD256F74436A7A62F083795083371A18C276B9442B
                                                                                                                                                                          SHA-512:B634252B6C6DEBC993A85F3B78D63CC1F13130623BC9349E22509141CDB5668E3B3BF0FD3830AFB292137BE5A6157FA26F85F86ADEF4BB7AB7D8460ACDF4767D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete ma. n.skok pred .to.n.kmi v.aka zv..enej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, zabezpe.en. vyh.ad.vanie zapn.. po re.tarte prehliada.a.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//149E6709C5CFD657DFEEA89947F6DBF418CBA8A0F7DF56594C44D023AF4F45537FBDBF6D2F9799727EBA1199EF93D26C0BC0415165BED05061F3E254AE76118C++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):605
                                                                                                                                                                          Entropy (8bit):5.6115676645450305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H3ORkfi2TAdhX3UbQytlQuhUHFsWk64AFUAzgMBO:7H38kfwdqvQuhUHF3kLjmgMBO
                                                                                                                                                                          MD5:B7F48005676B897D23A2D77E1337EA82
                                                                                                                                                                          SHA1:91097E850AA2E65FA2D12F8D1168BFC9EF22ED49
                                                                                                                                                                          SHA-256:BF68150EF6A23C0E63D82E174FDB335C47B3496AE8B48EBA9BE35F6E7DD8523B
                                                                                                                                                                          SHA-512:F938ABB835D86C04CD3F95309F59011E3930D98409812DD55365625CC7A99F9E7911531DD6A8C3D6486E4A55EF551EDBAFA2BC035ECEE0CFB2B4094B26263FE9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite da budete u prednosti u odnosu na pretnje uz dodatnu za.titu pretrage?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda.",.. SEARCH_TOAST_DONE: "Gotovo"..}..//2ACC2FEF55DE3B4194F8A6A236012B64A35645FB181AA1C5270D84E787D37FC441828776CAF3D5D67936CC200E30D250EAC3FEFD7A92DC70D1BDBAF394095E7F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):574
                                                                                                                                                                          Entropy (8bit):5.631845839445742
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7Hmg2AbjgZyDzL0HD4WkdhPN4McUQ4N94ije+ci38Gl1N:7H7DbEgLLdVWMHN94i6+hR1N
                                                                                                                                                                          MD5:39C2D771B371F6B034422856080ABACC
                                                                                                                                                                          SHA1:C1665F86C2964C1BF8AF7F1DA9C6CC64D808C822
                                                                                                                                                                          SHA-256:BEDF8B48BF6CBE896B2645E6638A80B38B5393516591C8069D99ADEDF48C6C07
                                                                                                                                                                          SHA-512:6789B62F9F7CD27573C6413DE9F227A54BA786986BA6A4CA0ED063B298C8BAC21688B007CDB77491AE93CFE2E1811FD77FC4BB2CB6FB43BA5755237B54015547
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vill du vara steget f.re hoten med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart"..}..//F8E30110A1145C29647E579C7CDA99C3E5BC3A3B7CD17FEC113DCED5091E74BB8E14B659410AC439D4718E71E1EA8D8354AC28BA5FD3A66B40BAA183F0663096++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):589
                                                                                                                                                                          Entropy (8bit):5.622368928028239
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7H0i4Hb00hCdh29T1pGQMlwrX96UOO2deAa:7Hl4phCdA6VlwLb21a
                                                                                                                                                                          MD5:102E68C70E4D934A49B1A17CD3FA6F85
                                                                                                                                                                          SHA1:703B14279974DDA5270C734E6C885BDC876760F2
                                                                                                                                                                          SHA-256:C01582746CEA33E5564376604B4E572C1B6C9EFCFA4A7DD6589F5740FF03F7D1
                                                                                                                                                                          SHA-512:C8F5D1C81F513A8C2B33B0DDFD6EA25B107D61CAC31E145154A962599061C4845E7E5195AC405C4E66E2E15585FB163FF3027C7D9574AB9E48A65FB8473340BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Ek arama korumas. ile tehditlerin bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti"..}..//2E34B3229D4286580CD0781F64724D2FAEE038754346DA01CBF15F69B2E29FA428F93267F5D3F58443E53DC75E9A580D6C1937434564E5DAE1EEE9ADF0E7CD93++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):547
                                                                                                                                                                          Entropy (8bit):6.219020856626668
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HshRETCqdh2fDviKYE4aCeX7rBnP2dmegNREe:7HshVqd8rviKYEzPVP2dmeIREe
                                                                                                                                                                          MD5:690B33832BABAA078B978FDD4F6AD743
                                                                                                                                                                          SHA1:EB83BF314560B618CF7278609E9B5FC928B828D0
                                                                                                                                                                          SHA-256:BAF88339E23F2C026C07487B80A656E739F334DF820588650780441E73AC6B82
                                                                                                                                                                          SHA-512:9FB309D87AF322952AD2502099D288726D0D4A0050367A4C13661B08AAB35A5CE99C3F12B9E720AE9580D11125E9B52715D880F24A2063143249F3BF9BD0B3FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: "...................... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".....................?",.. SEARCH_TOAST_OPTION: "...............",.. SEARCH_TOAST_DONE: ".."..}..//E87A6E9913C186CEE95654D6350532EA189E1D3D4C96E806A594110DE22C00328326A21D190D7A2D454D9DBF9D1D60826D8D06AD42BD12EF4B8E34CC40E25CF1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):555
                                                                                                                                                                          Entropy (8bit):6.203971338258118
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:7HamgrADLhZINcBjdhVfDaCBasqeDIYezud1A6ULKg:7Ha/cDtZINSdfrtarphzWK6gKg
                                                                                                                                                                          MD5:E221F413F3457CF7B8E6A2F19073F2AA
                                                                                                                                                                          SHA1:4571F544C1CF5C43776368514B6AAB27607CD990
                                                                                                                                                                          SHA-256:559860D0313C020894F71108E877BB95D5302632B5337002CE5FF9DAF7C5B76F
                                                                                                                                                                          SHA-512:0D0F52419D4ED4D5770BF418897F8AB34BF8B99B3C5C9719BDF8CBF724DCB2E9A35267BAD1E42F596E9716E7FD0CF0405D12B512EAB6ABAF253D9DE91C8C1EFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... - ...",.. SEARCH_TOAST_SUB_HEADING: "........................{0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "......................",.. SEARCH_TOAST_OPTION: "..................",.. SEARCH_TOAST_DONE: ".."..}..//665E595423CA30C50F69453340F2E1F6F19A254BFF79E7F30BEDFF0FFE4F61055C51BFF0F883ED606A72C2DE49D5167A9B9ACE9DB77DADC2133D19C5230C7BD9++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6977
                                                                                                                                                                          Entropy (8bit):5.354677906533344
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CGsKDNR4J7qXQBLHEtvJd89CuvJd29Fx7sXYld4+X1p:CoDNR4x+tvJd89CuvJdMDwXcd4+X1p
                                                                                                                                                                          MD5:1EE03718AEDB679C9583C663F65D72B1
                                                                                                                                                                          SHA1:29A42FD946F5149CF768C6B7668601A2A5511981
                                                                                                                                                                          SHA-256:DE87F0DFC3E537C15B56509AE9D12B84F41059BCE8EE5F0C41D6D5B4CF686157
                                                                                                                                                                          SHA-512:56AAA511DC5DDFFDF15EC73B6D16268C1488C257C1F1AA5AD98EEC297DDF71ADBDF2BE1AA0219A03B7C658B21C27FE4B31BE7812DB8B254DCB262E19D32D2EBE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Quer ficar longe de pessoas mal-intencionadas com prote..o de pesquisa extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "A pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Gostaria de adicionar a pesquisa segura e se antecipar aos criminosos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu navegador e alterar minha pesquisa padr.o para {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7070
                                                                                                                                                                          Entropy (8bit):5.350688488062668
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:Chka9ILBeycgfmtmud0l9zEYmud0lkVHed0g574:ChknLBeycgmtm5PmqHyp4
                                                                                                                                                                          MD5:EEC4B6D886DE48F8CEDBE2134608DED6
                                                                                                                                                                          SHA1:B5FE71415CC592DDBC5677CE9ED5B46A05E51F10
                                                                                                                                                                          SHA-256:A395B4E3C670AC26E9F30E9C7049B1F95CC7FD7F2B39107F12A25905F49C9156
                                                                                                                                                                          SHA-512:0E83BEDCBF341E854E130738482E20E0F24FAE78FAF51572D7C1E3A65467C3ADB8957BB4048F83C5A397C2A4A1F25B461C6CCC0A7170076F7DE97D2986FDD185
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Pretende evitar os utilizadores mal intencionados com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "N.o tem a pesquisa segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Pretende adicionar a pesquisa segura e antecipar-se aos malfeitores?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu browser e alterar a minha pesquisa predefinida para {0}.", // {0} SEARCH_TOAST_*.. SEARC

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (309), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10279
                                                                                                                                                                          Entropy (8bit):5.11634369696361
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CDxFR6OsBNVZPV/y/Vm1R1ut52Gu5U0DLTDGgr:CDxFR9I1yI1R1utQGuV5r
                                                                                                                                                                          MD5:2FE2D77FB1486F5A98D1281E4C28EF3C
                                                                                                                                                                          SHA1:DA6D04DB3CD1874A042ACFA757951E49ED59FBDC
                                                                                                                                                                          SHA-256:CB10D707EEC7340AAB7BE8C01E6AD67C0E6695EBB896337C840D66CF8D969866
                                                                                                                                                                          SHA-512:25F0984538E03F0A4B2270F868387F2DBDE7AABE83D775197A0C38B87CE3F6E103EC6F7D8F050EFB716812AB3414FE7E56B768E12F4FA43EB2F96CEFC12F4B44
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... .......",.. SEARCH_TOAST_BODY_TEXT: "...... .......... .. ............... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......",.. SEARCH_TOAST_HEADING_COMPLIANT: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......... ..... .. ........ ... ..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7406
                                                                                                                                                                          Entropy (8bit):5.691254735980649
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CgGE6x3pVIczmqoU5t9gga9BC9ge4rShIA:CgGE6vH6XU5t9gga9BC9grSOA
                                                                                                                                                                          MD5:6F7188EA8CE4375C51E7251A12201A47
                                                                                                                                                                          SHA1:0FDFFCD3489694047A46AD3A467E70E53B1CB397
                                                                                                                                                                          SHA-256:9786BCA0EEADC7F3D70CA76AB4DB2AB1F6B7C2FDAB60BAE612F8CBBC47C84E19
                                                                                                                                                                          SHA-512:E395C147BED5B33CC4350800072263B2836D36C6D63E319DCC708BE3FE706E5FC447F8FD8D5E7199DB5C37336E933A258F0B6ECBEA917F1EF5330C8E036360C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete ma. n.skok pred .to.n.kmi v.aka dodato.nej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, po re.tartovan. prehliada.a zapn.. slu.bu Zabezpe.en. vyh.ad.vanie.",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te zabezpe.en. vyh.ad.vanie . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete prida. zabezpe.en. vyh.ad.vanie a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".no, prida. zabezpe.en.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6881
                                                                                                                                                                          Entropy (8bit):5.510612055221693
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CDvPQbt+oOuDdY9XXHci4ERt9UFE+fa9f+i9UFED9FV77GewuWZv9YT:Cj8at9UF89/9UF+TWZv9YT
                                                                                                                                                                          MD5:6459534816ED650A420B9254E5649E36
                                                                                                                                                                          SHA1:4BBFFC0B8AF32BEF18B5DCB96FD82B20188F1BCB
                                                                                                                                                                          SHA-256:20EB698CD0196E3D7E30C3AD414229493D37DD56789106325624FBF04D809593
                                                                                                                                                                          SHA-512:81828BF50F54DA2F064973C2C7EB1606B8F8016943B0DFE563266F4BBC8456C343DB5E3E281D87AD55F195CA94B0D052C91ABAF3DEC7A68977BA1C7528B84462
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite da budete u prednosti u odnosu na .lo.e momke. uz dodatnu za.titu za pretragu?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda..",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati bezbedna pretraga i ostanite napred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodajte bezbedna pretraga u moj pregleda. i promenite podrazumevanu pretragu na {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENG

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6625
                                                                                                                                                                          Entropy (8bit):5.4895771448474635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CPWmMbkZdHSzoz9jp2rqntY25Sfs99FGlTuBLz704oH30wB9:CwbkOEtJ5SfsTzpEkwv
                                                                                                                                                                          MD5:9B3885CC66E9F52395E7D752E5CDF4F8
                                                                                                                                                                          SHA1:56A2B17274B399BD7F65DDF62931C50A70486612
                                                                                                                                                                          SHA-256:670DBF1CA1F3688472131452AB02A61AE9AFD1107042A8986EE95B96F4405F6E
                                                                                                                                                                          SHA-512:81FEBEFC5781869B3A4280D0A9BF823585FE06E7197868690E25F82EA36C9462E8B8DA153B0BDF89B0C16199634CFD7C4E7F44F3EB9193DA9E09701C614EBD85
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du vara steget f.re skurkarna med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vill du l.gga till s.ker s.kning f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, l.gg till s.ker s.kning till webbl.saren och .ndra standards.kningen till {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHO

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6975
                                                                                                                                                                          Entropy (8bit):5.5449330549000395
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CcHgbQsEEkAWex0JFMRhtSgyLyowlSgB9FerI7ur22yp98j8:Ci6hMJF6t1yLyt13wrnr9yp9m8
                                                                                                                                                                          MD5:4A289029B90E0136FB8D25F9F1DC06CC
                                                                                                                                                                          SHA1:5CE0FD01CAB5768B3D7BF3EE4E7D626DAE875920
                                                                                                                                                                          SHA-256:BB990556BF0E9F031E5F9F7B9B9D8D43AC6CAEE35E469743F6523D624BD28D3B
                                                                                                                                                                          SHA-512:D40CB7BCAEBCEDDD966C01CBDF72E17726F4A3B75097FB5244E8CB0BE30F83ABCEA716E0F85105731EF11BCCCDFADB6122E9E276CE64FA41DDA91ED5F40B21E0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "Ek arama korumas. ile k.t. adamlar.n bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti",.. SEARCH_TOAST_HEADING_COMPLIANT: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "G.venli Arama'y. ekleyerek k.t. niyetli ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Evet, G.venli Arama'y. taray.c.ma ekle ve varsay.lan aramam. {0} olarak de.i.tir.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing"

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6330
                                                                                                                                                                          Entropy (8bit):6.348346363907773
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CUk5RhhRDj8mxeX+lE8D9VkbXtK6XKS9FgXap7B0CCm:Ch/LxeXqEsGtBX/Dp9LCm
                                                                                                                                                                          MD5:AE61DE2CF0CAF5BEB18022515E8868E9
                                                                                                                                                                          SHA1:66DF21F7EEF504F4E2AA75AC466A1A41286A88B3
                                                                                                                                                                          SHA-256:D299B49CE26A7A26C20F42B7C4F7383B5B43AD840134C72A84AB88DB5010D341
                                                                                                                                                                          SHA-512:396DB989C5461F910C4F6E6AD82FB72C78648B124D3E3E3765DF5CBD8B8CED2129C56301AD6818660B3A140787E2A71C2671D5775657BFE1DDE4BC8EE1EEF4A6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: ".....................",.. SEARCH_TOAST_BODY_TEXT: ".......................?",.. SEARCH_TOAST_OPTION: "................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "......... . .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".......................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6347
                                                                                                                                                                          Entropy (8bit):6.335104550023616
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CGhla0tPlgm6w6KdmnPZ1cSDGFtMDjNOWMDjB9FEKrYimnP:Ci7dgtOfSStMPNOWMP3wimnP
                                                                                                                                                                          MD5:EA17AFF0064CF31DE59D47A1F24A37A7
                                                                                                                                                                          SHA1:5B2A410C65B26F2181F37F01DC2337355765FF6C
                                                                                                                                                                          SHA-256:C8CA9C6C95C85ADA603FDBC487080097DBFBC7523E8A0B1953281068CE8B33C9
                                                                                                                                                                          SHA-512:5A95F4C078B4903E57A7D52EAEBA581450F2162BC36C0289A3BB022702147818FABA9AB59AC0008588428ED8929CD6D2E529FF23E54787ADEFDFAAB18F2F6BA0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "....... . ...",.. SEARCH_TOAST_SUB_HEADING: ".......................",.. SEARCH_TOAST_BODY_TEXT: "........................",.. SEARCH_TOAST_OPTION: "...................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "....... . ...",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................",.. SEARCH_TOAST_OPTION_COMPLIANT: "........................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2562
                                                                                                                                                                          Entropy (8bit):5.6867899274612075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UjbcgNu0dSJUGlJ6qfveziXpAlJ2bRQmC3ptQfMmIm42wudadOlOfm92Nokzzj:UjbcgNurGGlJRemXalKRQmgpt4MmImi/
                                                                                                                                                                          MD5:B5C9547A3C4AE6189F5DD6D5B9C75131
                                                                                                                                                                          SHA1:C0BC16C9930BFD2E7CDCD821D45B903C385A1870
                                                                                                                                                                          SHA-256:1ACF7F0D31819CEDA9A4042F645EA99E69983DE1F482ABF101BA296DF68C1FB2
                                                                                                                                                                          SHA-512:6C12A308B2E7949F5CF67477B1C061223520CDDAA43C25FE78221786CAFB7AFB7A9F990B420BE6B4BF5D74C56CF37D592CE078B3C95623683628EE8E68CE021E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odinstalaci nelze pokra.ovat, dokud nebudou zav.ena v.echna okna prohl..e.e.<br/>Kliknut.m na tla..tko OK automaticky zav.ete v.echna okna prohl..e.e. Kliknut.m na tla..tko Zru.it tuto akci zru..te.",.. ADMIN_WARNING: "Aplikaci {0} nebylo mo.n. odinstalovat, proto.e jste k po..ta.i p.ihl..eni jako u.ivatel s omezen.mi opr.vn.n.mi. P.ihlaste se jako spr.vce syst.mu Windows a zkuste to znovu.",.. KEEP_FREE_PROTECTION: "Ponechat funkci Ochrana p.i proch.zen. internetu",.. NO_THANKS_UNINSTALL: "Ne, d.kuji. Chci ji odinstalovat",.. CANCEL: "Zru.it",.. NO_THANKS: "Ne, d.kuji",.. SURE: "Samoz.ejm.",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Odinstalace aplikace {0} prob.hla .sp..n..",.. SURVEY_OFFER: "R.di bychom znali v.. n.zor. Pora.te n.m, jak m..eme tento produkt je.t. vylep.it.",.. SORRY_TO_GO: "Je n.m l.to, .e jste si aplikaci nenechali.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2321
                                                                                                                                                                          Entropy (8bit):5.407870308134455
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:U9XpCmXa0Roqce7Coh4C3zOur+BYHexiAWFY502OUhMYI5Lp6+ZaKJq4U3rZ:U9XpbXaUz3x+BYWivW0uinhEaq4U3rZ
                                                                                                                                                                          MD5:C371F5545BC075A3AEAC14CAB178118C
                                                                                                                                                                          SHA1:57B39EAB60847B41A6910ADEC0F266EA0B611B7B
                                                                                                                                                                          SHA-256:D609D64279C59F8976638FBA48586929220FBD7A40DBF6B7BC489CE3C224887E
                                                                                                                                                                          SHA-512:3754B922D59C608A1430FA893825BCF52C25541306056134BD710C6703EA6B583D1B06D0F73493EEDF580A79F605E8B643E378E4E065E0D8C51D964512BF3345
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Lukke alle browservinduer for at forts.tte med at afinstallere softwaren.<br/>Tryk p. OK for at lukke alle browservinduer automatisk eller p. Annuller for at afbryde.",.. ADMIN_WARNING: "Du kan ikke afinstallere {0}, da du er logget p. computeren som begr.nset bruger. Log p. som Windows-administrator, og pr.v igen.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelsen",.. NO_THANKS_UNINSTALL: "Nej tak, afinstaller den bare",.. CANCEL: "Annuller",.. NO_THANKS: "Nej tak",.. SURE: "Selvf.lgelig",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Afinstallationen af {0} er f.rdig.",.. SURVEY_OFFER: "Vi vil gerne h.re din mening. Hvordan kan vi efter din mening g.re dette produkt endnu bedre?",.. SORRY_TO_GO: "Vi er kede af, at du forlader os.",.. UNINSTALLING: "Softwaren afinstalleres ...",.. START_HEADER: "Vent! Vil vil savne dig, hvis du afinstallerer",.. START_SUB_HEADER: "Og du vil ogs. savne all

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2527
                                                                                                                                                                          Entropy (8bit):5.381960990709301
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UYDdXJ6UXJbcC87UQT9zw/eCJlgf0IyYuYL16OhrHAoKKmJvDkoxmTZ:UydXTXOs6fIYXLhgokkoxuZ
                                                                                                                                                                          MD5:33CAFE027F0B8C32E685AD92EB28BDF2
                                                                                                                                                                          SHA1:C60DDE3B88B174E76A4F4589C33EA7DF7072B8A9
                                                                                                                                                                          SHA-256:F3E0D5494866421A6F2B6D5C0BC7AC6073DB7281EEFE3A5DD61F4698E881CA9E
                                                                                                                                                                          SHA-512:93301A34B8F063B99EF5CD41562C7324A1DB5AFF75DE056E6589831B1AC5D80FCC6DDB117B218FC3B4695BB63FD986C1C9CE1FF8B974A5721AD21C35AC50874F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Die Deinstallation kann erst fortgesetzt werden, nachdem alle Browser-Fenster geschlossen wurden.<br/>Klicken Sie auf 'OK', um alle Browser-Fenster automatisch zu schlie.en, oder klicken Sie zum Beenden auf 'Abbrechen'.",.. ADMIN_WARNING: "Sie k.nnen {0} nicht deinstallieren, da Sie bei Ihrem Computer als Benutzer mit eingeschr.nkten Rechten angemeldet sind. Melden Sie sich als Windows-Administrator an, und versuchen Sie es erneut.",.. KEEP_FREE_PROTECTION: "Web-Schutz behalten",.. NO_THANKS_UNINSTALL: "Nein danke, bitte deinstallieren",.. CANCEL: "Abbrechen",.. NO_THANKS: "Nein danke",.. SURE: "Sicher",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Die Deinstallation von {0} wurde erfolgreich beendet.",.. SURVEY_OFFER: "Wir freuen uns, von Ihnen zu h.ren. K.nnen Sie uns mitteilen, wie wir dieses Produkt noch verbessern k.nnen?",.. SORRY_TO_GO: "Schade, dass Sie unser Produkt nicht mehr verwenden m.cht

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4045
                                                                                                                                                                          Entropy (8bit):5.018197822286349
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:U4iYsFeBkg78VLgPHKM6V6WaLq/tit7lO7e5mS:U4iiam8hgPj6V6W0q/titcAmS
                                                                                                                                                                          MD5:F970CF47D49A33B1084B4379460D1768
                                                                                                                                                                          SHA1:072469DF0FA582F0ACF64D71D5E0F1FF56EC46A1
                                                                                                                                                                          SHA-256:A4805243E0A4DEB70F7C97EAAF6BCD974539727EECDDD8BBE16E010FDC3C63B6
                                                                                                                                                                          SHA-512:318B3C4EC8A21EBE396B49E6946F9A94D515186D928BF6F4319FEB6523E99881DC383D6C8A97C564117661EBB164C5B1B55BA708BE679BA9E5E75488B80DA867
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ". ......... ............ ... ...... .. .......... .. ... ........ ... .. ........ ... ............ ...........<br/>....... OK ... .. ........ ........ ... .. ........ ... ............ .......... . ....... ....... ... .........",.. ADMIN_WARNING: "... ........ .. ........... ... ........... ... {0} ..... ..... ........ .... .......... ... .. ....... .. ............ ........... .......... .. ............ ... Windows ... ......... .....",.. KEEP_FREE_PROTECTION: "......... ... .......... Web",.. NO_THANKS_UNINSTALL: "... ........., ..... ..........

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2170
                                                                                                                                                                          Entropy (8bit):5.38971409651161
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UawX1F1LVSHccWK2aFe3ymc9oqTLvmLtwbvORLxeMZi:UxXfhQpe3ymco0uLtRLxeV
                                                                                                                                                                          MD5:46F2DBFC9B7B6AB39B2A9E699C70C32B
                                                                                                                                                                          SHA1:4EEF9802DF5A0D59062D469C1B384085406A264D
                                                                                                                                                                          SHA-256:7165D76B5BC7B5F1CD09D9F9A7A636591F80278E583F856D1925DB98D926BE97
                                                                                                                                                                          SHA-512:3AF47B81AF6C0A1F20D4EDE2CFCEF57AAAB81D6EA3CF5C92560E205831A3052121C8AEA7D7BB20CFAE471BF0B1DB8D53F8A3E7E42BDE2218EE38BF2A63CD445A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Uninstallation cannot continue unless all browser windows are closed.<br/>Press Ok to automatically close all browser windows, or Cancel to abort.",.. ADMIN_WARNING: "You can't uninstall {0} because you're logged in to your computer as a Limited User. Please log in as a Windows Administrator, and try again.",.. KEEP_FREE_PROTECTION: "Keep web protection",.. NO_THANKS_UNINSTALL: "No thanks, just uninstall it",.. CANCEL: "Cancel",.. NO_THANKS: "No thanks",.. SURE: "Sure",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "You've successfully uninstalled {0}.",.. SURVEY_OFFER: "We want to hear from you. Can you share your thoughts on how to make this product even better?",.. SORRY_TO_GO: "We're sorry to see you go.",.. UNINSTALLING: "Uninstalling your software now...",.. START_HEADER: "Wait! If you uninstall, we'll miss you",.. START_SUB_HEADER: "And you'll miss all the good we do, like:",.. WE_SCANNED: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2342
                                                                                                                                                                          Entropy (8bit):5.374289352079449
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Uop2w+XfxK626IEkLmHVR9zgD/1jBv2a82Vj6Aux9M8KBkVSl9:UzwqfxnjVgjvv24KxS+S
                                                                                                                                                                          MD5:A66DBF3C4949571B37A77F05F100C0F7
                                                                                                                                                                          SHA1:43406EBCB86BC36C633724DC5DE5BBDC6918FDEF
                                                                                                                                                                          SHA-256:EF4C6A1511D42DD9867E1CE601253DDBB1FCB1D04722280463C081469F870551
                                                                                                                                                                          SHA-512:9679B864D11BA61B76811FEC59EAC20B54BD0B5D7432E1BD338EFE8A0E42CA1B6AD3D312930A92FA306CB6AF79E306EC8525FCE9C6A04FB1B54E9C593C94D3B2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Pulse Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para anular el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Mantener protecci.n web",.. NO_THANKS_UNINSTALL: "No, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de utilizar el producto.",.. UNINSTALLING: "Desinstalando el software...",.. START_HEADER: "Espere. Si desinstala, le echaremos de menos",.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2389
                                                                                                                                                                          Entropy (8bit):5.387010405651874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Uo72wwXfxjn6v6IEkLX/wrN9gZ0o/0BjBfjTz2VhSZ6c9VTC0CYFmz:U/wUfxnIwancfjTpVTC0nM
                                                                                                                                                                          MD5:3DA3C95538F7A23292CF788F7465E614
                                                                                                                                                                          SHA1:434A56E8BDFBD30163D145FA5FBF5F34EA22C20E
                                                                                                                                                                          SHA-256:EBF68D216085C88D331811DB6E08F90E9FB06B0AFA55FFE3D29C800DDFDE0239
                                                                                                                                                                          SHA-512:9217E2EADFC530E2FB87DE9854786CE02C287EE219B4AA55EF830C14EF9A18648230AFDC8031E60AC8D82BE92078921B54966D1830831132B3976C41989BC37D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Presione Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para interrumpir el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Conservar protecci.n web",.. NO_THANKS_UNINSTALL: "No, gracias, desinstalarlo",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de usar el producto.",.. UNINSTALLING: "Desinstalando el software.",.. START_HEADER: ".Espere! Si desinstala, lo ext

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2389
                                                                                                                                                                          Entropy (8bit):5.3518634805529
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UrCot/9DbtMfbzwx1kF08hjltMEwTZVyY+vRVZY2f3gvai1Ov9:UrHmMx2BJt8TDmRVzIk
                                                                                                                                                                          MD5:F9554E08115C89B08EC634A0F4EB6E0D
                                                                                                                                                                          SHA1:33B111AC223505DC75E580E82CBF006C78E0244D
                                                                                                                                                                          SHA-256:1ED3D4E0D8FBC95F48C02FF389584ACEB8A3E37C48F7EF6356EC8CE671461422
                                                                                                                                                                          SHA-512:5A9F24D05F551750F4E757047CA196070027E970197887608EE7127AF2FC5C8F8CF9DE3C0E24482FD07BCF885C749E4A2C41CBAD5D5C8FE13D767B149C0397F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Asennuksen poistamista ei voi jatkaa, jos kaikkia selainikkunoita ei suljeta.<br/>Sulje kaikki selainikkunat automaattisesti valitsemalla OK tai keskeyt. valitsemalla Peruuta.",.. ADMIN_WARNING: "Et pysty poistamaan sovelluksen {0} asennusta, sill. olet kirjautunut tietokoneeseen k.ytt.j.n., jolla on rajoitetut oikeudet. Kirjaudu Windowsin j.rjestelm.nvalvojana ja yrit. uudelleen.",.. KEEP_FREE_PROTECTION: "Jatka verkkosuojauksen k.ytt...",.. NO_THANKS_UNINSTALL: "Ei, kiitos. Poista asennus.",.. CANCEL: "Peruuta",.. NO_THANKS: "Ei kiitos",.. SURE: "OK",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} on poistettu.",.. SURVEY_OFFER: "Kuulisimme mielell.mme sinulta palautetta. Haluatko kertoa meille, miten voisimme tehd. tuotteesta viel. paremman?",.. SORRY_TO_GO: "Ik.v.., ett. et halua jatkaa tuotteen k.ytt...",.. UNINSTALLING: "Poistetaan ohjelmiston asennusta.",.. START_HEADER

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2674
                                                                                                                                                                          Entropy (8bit):5.370515207845727
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UZbbplCgKbHGou9Uz0NHKVfNV7jUtmjV0fkJmTMOo8MXIHe5QXZhrgKHqeTsO:URbpEhDvVF5jUqckJXBIHe5scqqeTv
                                                                                                                                                                          MD5:1907F5229E4B8C09A7C3716EE531CDB4
                                                                                                                                                                          SHA1:933C89C28E04FF63969D6A3F137D2B43C84B2932
                                                                                                                                                                          SHA-256:22D276421691E4D7D2D27CA2697420902CF1DFF2E8B50D8D409C92B0821ABBB4
                                                                                                                                                                          SHA-512:4BB791A0671DC7663E7287B57558721C829618AC70F761D00B79BC992212B219649C1D1D5475F1113E74C3E28C661CB25B8E91E2E939D06336E3E9D1ED77A3C6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La d.sinstallation ne peut pas se poursuivre sans avoir ferm. toutes les fen.tres du navigateur.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur, ou sur Annuler pour abandonner.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur disposant d'un acc.s restreint. Veuillez vous connecter en tant qu'administrateur Windows, puis essayez de nouveau.",.. KEEP_FREE_PROTECTION: "Garder la protection Web",.. NO_THANKS_UNINSTALL: "Non merci, d.sinstallez-la",.. CANCEL: "Annuler",.. NO_THANKS: "Non merci",.. SURE: "Bien s.r!",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez correctement d.sinstall. {0}.",.. SURVEY_OFFER: "Nous souhaitons conna.tre votre opinion. Seriez-vous dispos. . nous dire comment nous pourrions am.liorer ce produit?",.. SORRY_TO_GO: "Nous sommes d.sol.s que vous nous quittiez.",.. UNINSTA

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2626
                                                                                                                                                                          Entropy (8bit):5.398923340868169
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UT3FlNKBwOdm79zoIuKntX3OPwnIeruBTCtnSo8sprasnmNz+f:UTVfsEtX+iIeq8XUsmNz+f
                                                                                                                                                                          MD5:DE01057169269BDE1CEDB411BE89DC66
                                                                                                                                                                          SHA1:4DCE5734177EC07EB100B875E54FA6508A590ABC
                                                                                                                                                                          SHA-256:78D07B024DDB4F7ED57F48A39FB0B933814F65E6842516F9851490EBD18242C2
                                                                                                                                                                          SHA-512:000B5F1B7C4988DC27610159B1FA245BF1D63DF245F2D4331EEC0B57226457C68D5182E7CEEF4823953DD1C2B85E1A6C76B8C21A2E1014162569D023E897DE59
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Impossible de poursuivre la d.sinstallation tant que toutes les fen.tres du navigateur ne sont pas ferm.es.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur ou sur Annuler pour interrompre l'op.ration.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur limit. sur votre ordinateur. Connectez-vous en tant qu'administrateur Windows et recommencez.",.. KEEP_FREE_PROTECTION: "Conserver la protection web",.. NO_THANKS_UNINSTALL: "Non merci, proc.der . la d.sinstallation",.. CANCEL: "Annuler",.. NO_THANKS: "Non, merci",.. SURE: "Bien s.r",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez d.sinstall. {0}.",.. SURVEY_OFFER: "Nous serions ravis de conna.tre votre opinion. Si vous avez des id.es pour am.liorer ce produit, n'h.sitez pas . nous en faire part.",.. SORRY_TO_GO: "Nous sommes d.sol.s de vous voir p

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2390
                                                                                                                                                                          Entropy (8bit):5.44504076457636
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:U4qRJGbmxWQuD28CEnxSP+vuR4S0OaysKXXFrQ7zy5I:UxiRNC83kPEu30uRWPmI
                                                                                                                                                                          MD5:F50611583168626FCD098F95E000A6B7
                                                                                                                                                                          SHA1:9C4F81D6036D9309C7A126F3FAAF0460C75658AA
                                                                                                                                                                          SHA-256:E4B242AC00B9FD3BB9FAD9AFA140A03B87D3561D12F047C98736178BCB4174C2
                                                                                                                                                                          SHA-512:08CF92AE8D5FDCE90F296F15EC7F405275E8E1340652B515532B2F406AFBE0D2EF86C9B101FA49A55B70549571785FF4939775AA1E537097E6EA24C49725BF97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Deinstalaciju nije mogu.e nastaviti ako svi prozori preglednika nisu zatvoreni.<br/>Kliknite na U redu da biste automatski zatvorili sve prozore preglednika ili Odustani da biste prekinuli proces.",.. ADMIN_WARNING: "Ne mo.ete deinstalirati {0} jer ste na ra.unalo prijavljeni kao korisnik s ograni.enim ovlastima. Prijavite se kao administrator sustava Windows i poku.ajte ponovno.",.. KEEP_FREE_PROTECTION: "Zadr.i za.titu na webu",.. NO_THANKS_UNINSTALL: "Ne, hvala, samo je deinstaliraj",.. CANCEL: "Odustani",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspje.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo .uti va.e mi.ljenje. .elite li podijeliti s nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to vi.e ne.ete biti na. korisnik.",.. UNINSTALLING: "Deinstaliramo va. softver sada...",.. START_HEADER: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2561
                                                                                                                                                                          Entropy (8bit):5.595928399408576
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ud/4sBMK+ZvbkFzo5lQiw9Azz8eFRHJev0Dq4aVv/tYr8wlE:Ud/PBMKN6lu9aVFR4e2lFYr8wlE
                                                                                                                                                                          MD5:84F9AA20F6323ECEC5FA9B5EA8A9585A
                                                                                                                                                                          SHA1:3D6E310B88843329CEBDA20BDFECB7AA7973C95D
                                                                                                                                                                          SHA-256:966CEB24ABDD99AA360D683C84BED10CE523D9F71674E58D7EEB5C4EACB79CED
                                                                                                                                                                          SHA-512:A22FC3109FBF10A4D1A5E0B6667DE4A33764CFA70923BE68615532F8BBCAB1D4935D5B1D0234AC13191419DDF10764E85701FF87DDFF2E059A13E7D15DBB3F6D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Az elt.vol.t.s csak az .sszes b.ng.sz.ablak bez.r.sa ut.n folytathat..<br/>Az OK gombot megnyomva automatikusan bez.rhatja az ablakokat, a M.gse gombbal pedig megszak.thatja a m.veletet.",.. ADMIN_WARNING: "A(z) {0} szoftver elt.vol.t.sa nem lehets.ges, mivel a sz.m.t.g.pre korl.tozott hozz.f.r.s. felhaszn.l.k.nt jelentkezett be. L.pjen be Windows-rendszergazdak.nt, majd pr.b.lja .jra.",.. KEEP_FREE_PROTECTION: "Webes v.delem meg.rz.se",.. NO_THANKS_UNINSTALL: "Nem, egyszer.en t.vol.tsa el",.. CANCEL: "M.gse",.. NO_THANKS: "K.sz.n.m, nem",.. SURE: "Rendben",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Megt.rt.nt a(z) {0} elt.vol.t.sa.",.. SURVEY_OFFER: "Sokra .rt.keln.nk a v.lem.ny.t. Megosztan. vel.nk, hogy v.lem.nye szerint hogyan tehetn.nk m.g jobb. ezt a term.ket?",.. SORRY_TO_GO: "Sajn.ljuk, hogy nem tart ig.nyt a szolg.ltat.sra.",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2426
                                                                                                                                                                          Entropy (8bit):5.330203387186763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UUKu3r7X85X6/5Ouzl676xLqVDSdEfCXqYQ0d0ddfbOf5F:UDE/M5puk68VDcEK7vSdSxF
                                                                                                                                                                          MD5:E24D4C1F4903ECD3773373995AA3F80D
                                                                                                                                                                          SHA1:397F8056BB476BFE272F1CECB607E2518F132114
                                                                                                                                                                          SHA-256:4026AA1727001F5E178F82C61D038FD577458D973057833F3C461B5996D0FB6A
                                                                                                                                                                          SHA-512:EF4391809EC9651F927C906F93D4B8D01EFADFCC16CDBAAD512DAD578F797993887719C8EC20655E97C7163F60B9CCC43293997B34CE924B56647E545C1CE300
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Per procedere con la disinstallazione . necessario chiudere tutte le finestre del browser.<br/>Premi OK per chiudere automaticamente tutte le finestre del browser oppure Annulla per interrompere l'installazione.",.. ADMIN_WARNING: "Impossibile disinstallare {0} in quanto l'accesso al computer . stato effettuato come utente con restrizioni. Accedi come amministratore di Windows e riprova.",.. KEEP_FREE_PROTECTION: "Mantieni la protezione Web",.. NO_THANKS_UNINSTALL: "No grazie, disinstallala",.. CANCEL: "Annulla",.. NO_THANKS: "No, grazie",.. SURE: "Certo",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Disinstallazione di {0} riuscita.",.. SURVEY_OFFER: "Vogliamo sapere la tua opinione. Vuoi condividere la tua opinione per migliorare ancora di pi. questo prodotto?",.. SORRY_TO_GO: "Ci dispiace che tu abbia deciso di lasciarci.",.. UNINSTALLING: "Stiamo disinstallando il software...",.. START_HEADER: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2813
                                                                                                                                                                          Entropy (8bit):5.7350879207820284
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UmgtjeIgCS7v06vDxzezcu5dbwaIVvOaaI9nCiGSGfKi4Z0YX+NrVd2J:UmgtjP6r3dzevdUnkbf4ANrVu
                                                                                                                                                                          MD5:D09966922D3E2BB7825A01483211000F
                                                                                                                                                                          SHA1:8C5C4D1A3DCA16BDCFF126299B7C3B787449E5D5
                                                                                                                                                                          SHA-256:04A2E68B9929FD7CB806BBA560D6B3959F484847A422A17C3C0C684FB9FC3AC2
                                                                                                                                                                          SHA-512:2A616AA8C9516A636386E7B53528FC7B65E5C0D467A380C8EA0704CF032694BF31129E40731C71983FB50318371C44BF06A87F3C211656462E46E3570DB2959C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".......................................<br/>[OK] .............. ...............................[.....] .........",.. ADMIN_WARNING: "{0} .........................................Windows ............................",.. KEEP_FREE_PROTECTION: "..........",.. NO_THANKS_UNINSTALL: "....",.. CANCEL: ".....",.. NO_THANKS: "...",.. SURE: "..",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} ..................",.. SURVEY_OFFER: "...........................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2648
                                                                                                                                                                          Entropy (8bit):5.965466360269122
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UJfHnXcKfYWPiQrinx8fhU5aN0jFnSBra8ABYWajyqYOAl5us3aTLq9n:Upv2n0C5aejF4raNYdXAis+Lq9n
                                                                                                                                                                          MD5:51900FE8A49914FDA1FBE1F35775FF4C
                                                                                                                                                                          SHA1:3E5B62EE2F8252A8DA7159386015049176A84715
                                                                                                                                                                          SHA-256:349F8BB67FD381A88379E4D36C2A03497D69FBAF12E2636164149BCD536B9A98
                                                                                                                                                                          SHA-512:80CB766DE2522ED493CB0D9279F1B7D9C0C6E482A5BCDE8A27584042CA7BB49BE32BB8543FCF3367BE2647054DCCD7E6CAA0C1B378329B363465FD43BC34D69D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".. .... .. .. ... ... ... . .....<br/>... .. .... .. .... .. ... ... .. ... .......",.. ADMIN_WARNING: "... .... .... ..... .... {0}. ... . ..... Windows .... .... . .. .......",.. KEEP_FREE_PROTECTION: ". .. ..",.. NO_THANKS_UNINSTALL: "..., .....",.. CANCEL: "..",.. NO_THANKS: "...",.. SURE: ".",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "{0}. ..... ........",.. SURVEY_OFFER: "... .... .. ..... . ... .. ... .. ... .........?",.. SORRY_TO_GO: "... ..... .... . .. .... ......",.. UNINSTALLING: "...... .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2338
                                                                                                                                                                          Entropy (8bit):5.396206405077309
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:U2AUYbOdeMb72i5iur+vrJBFJZG5biH7kFJqSCLUhS0TGpCaiSV5TNnH:ULkX2G+vNBFSbiHIFCAc6SPNH
                                                                                                                                                                          MD5:D4879747D956E1916B263E98200D8135
                                                                                                                                                                          SHA1:302BC33C8CEC22BEF418C04B4E67C45304AF3722
                                                                                                                                                                          SHA-256:A20D5B7650772D59B347703844F9EF56191394681355B17346BEE90B99A6D9E9
                                                                                                                                                                          SHA-512:95BB36B92D4A8FC9B04A6EDDF45255B6F9A662036A62F68BE33CD379459E695042FC884ECED1BDE92C72121400B57A5E9F9453E3589C65907827CB3026E56645
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallasjonen kan ikke fortsette f.r du har lukket alle nettleservinduer.<br/>Trykk p. OK for . lukke alle vinduene automatisk eller p. Avbryt for . avbryte.",.. ADMIN_WARNING: "Du kan ikke avinstallere {0} fordi du er logget p. datamaskinen som en Begrenset bruker. Logg p. som Windows-administrator og pr.v p. nytt.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelse",.. NO_THANKS_UNINSTALL: "Nei takk, bare avinstaller det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nei takk",.. SURE: "Ja visst",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Du har avinstallert {0}.",.. SURVEY_OFFER: "Vi vil gjerne h.re fra deg. Kan du dele dine ideer om hvordan vi kan gj.re dette produktet enda bedre?",.. SORRY_TO_GO: "Det er synd at du ikke vil fortsette . bruke oss.",.. UNINSTALLING: "Vi avinstallerer programvaren n...",.. START_HEADER: "Vent! Vi vil savne deg hvis du velger . avinstallere",.. START_SUB_H

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2363
                                                                                                                                                                          Entropy (8bit):5.330164663060023
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:URHXIzXIV2xo3lID6XgocC7h7kBzyNkIK+2L0LgSPGxetBt/XktFOFVQA3a/:UhXOXgYGi6XgAgtIKtLeOw3FmAq/
                                                                                                                                                                          MD5:94FD0B4733A47B840735E1D3A97C347E
                                                                                                                                                                          SHA1:96CB962BBDD9DF336C83E377AF7BE40798B76F9F
                                                                                                                                                                          SHA-256:BC6272D53B4E2F610E7DCB3B2A9301FAFD4A50A0DF2FCA51F40C35FBE194D98A
                                                                                                                                                                          SHA-512:470CF5E899AB6DD7AA113FAE32F8187AE9B6AFE7E7A0C25BDFD48608EECD28D27D379517575C2FF52BB7D725FC8BE4462A0F7E394E67E7D5563F7BCBB9E4B9E7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Verwijdering kan pas worden voortgezet wanneer alle browservensters zijn gesloten.<br/>Klik op OK om alle browservensters automatisch te sluiten of op Annuleren om af te breken.",.. ADMIN_WARNING: "U kunt {0} niet verwijderen, omdat u bij de computer bent aangemeld als Gebruiker met beperkte rechten. Meld u aan als Windows-beheerder en probeer het opnieuw.",.. KEEP_FREE_PROTECTION: "Webbeveiliging houden",.. NO_THANKS_UNINSTALL: "Nee, installatie verwijderen",.. CANCEL: "Annuleren",.. NO_THANKS: "Nee, bedankt",.. SURE: "Goed",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "U hebt {0} verwijderd.",.. SURVEY_OFFER: "We horen graag van u. Kunt u ons laten weten hoe dit product nog verder kan worden verbeterd?",.. SORRY_TO_GO: "Wat jammer dat u ons gaat verlaten.",.. UNINSTALLING: "Uw software wordt nu verwijderd...",.. START_HEADER: "Wacht! We zullen u missen als u de software verwijdert",.. START_SUB_HE

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2456
                                                                                                                                                                          Entropy (8bit):5.639526314050624
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ux6l/L182ZR1tM7T4K95K19ehLvfZhKXdWjpLTFi:U4lBXZjKWCfEeU
                                                                                                                                                                          MD5:DFFD53C36D72C8F2D4E492145350A5DA
                                                                                                                                                                          SHA1:EEA8B352FE8A3DC367EFBBF50B2212270A7248C8
                                                                                                                                                                          SHA-256:60C7AF2F7C8AF470204D02C8514B2E64B49673CF67B8D59D5D94F5B2C96A374D
                                                                                                                                                                          SHA-512:C8C080A865CE349A389E6D7E24B6630165701CE8D462538E86E547FCFB3DCD560F47315DBD3354DB745BEEBBD97E8E25DF5366F77F1DDC128DC00CB506E82E77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nie mo.na odinstalowa., dop.ki wszystkie okna przegl.darki nie zostan. zamkni.te.<br/>Kliknij przycisk OK, aby automatycznie zamkn.. wszystkie okna, lub przycisk Anuluj, aby przerwa. proces.",.. ADMIN_WARNING: "Nie mo.na zainstalowa. programu {0} z powodu zalogowania na komputer jako u.ytkownik z ograniczonymi uprawnieniami. Zaloguj si. jako administrator systemu Windows i spr.buj ponownie.",.. KEEP_FREE_PROTECTION: "Zachowaj ochron. w sieci Web",.. NO_THANKS_UNINSTALL: "Nie, dzi.kuj.. Odinstaluj.",.. CANCEL: "Anuluj",.. NO_THANKS: "Nie, dzi.kuj.",.. SURE: "Pewnie",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Program {0} zosta. pomy.lnie odinstalowany.",.. SURVEY_OFFER: "Chcemy pozna. Twoj. opini.. Jak mogliby.my ulepszy. nasz produkt?",.. SORRY_TO_GO: "Przykro nam, .e musimy si. rozsta..",.. UNINSTALLING: "Odinstalowujemy Twoje oprogramowanie...",.. START_HEADER: "Czekaj!

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2373
                                                                                                                                                                          Entropy (8bit):5.39733627694852
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UHC6Unw+8DeoRMzBDzXGZ077FG/BjS7kjd6AGBhofQR9Nv:UfUdkM1zk8Bw47kjZchofQDNv
                                                                                                                                                                          MD5:E546B885A419C18A25AB3E1527AAF57B
                                                                                                                                                                          SHA1:F2D3B303B8FFC113C380EF9A5CB13FCCE810D220
                                                                                                                                                                          SHA-256:0FF28375F3BE52A5A5690D84A5C132D8F7B618A26AF281026BF96F4631E3F06E
                                                                                                                                                                          SHA-512:258B309521A1EF4B3C1DFBEC927980861EE531B4FDAF71A46EAB18F24A8DC4B1347BEBE4E17B521F12BE3AD84CEEE8A1B720C7D35C08C35E6279FA8356C5E323
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "A desinstala..o poder. continuar somente se todas as janelas do navegador forem fechadas.<br/>Clique em OK para fechar todas as janelas do navegador automaticamente ou clique em Cancelar para interromper a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque voc. est. conectado ao computador como um Usu.rio Limitado. Entre como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o na Web",.. NO_THANKS_UNINSTALL: "N.o, obrigado. Desinstale o programa",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} foi desinstalado com .xito.",.. SURVEY_OFFER: "Queremos saber a sua opini.o. Deseja compartilhar suas ideias para tornar esse produto ainda melhor?",.. SORRY_TO_GO: "Lamentamos pela sua sa.da.",.. UNINSTALLING: "O seu software est. sendo desinstalado...",.. START_HEADER

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2369
                                                                                                                                                                          Entropy (8bit):5.4079735501786255
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UDlURTq+8ZxNHRSMMy7EVW14P9SZPkDPIjQ7AV2iEc5KQoID:UxUOitVQsDf7FQoQ
                                                                                                                                                                          MD5:149E0BBF2EDFCF809D2CCBD0B34FD0B5
                                                                                                                                                                          SHA1:18F49C57C8D9BC4778AE9F55DEB4B533BBD7F7C0
                                                                                                                                                                          SHA-256:D7186ADD85922E32B75780A52804D2EFF89C175B7A6F81AC2AC2B554C850A6F5
                                                                                                                                                                          SHA-512:6D8A9B6E94A6A725B9EEBE5D84740F9ED5450ECCC18252E43E3143CCE1DD4E229DD393062922134691234C5B80A86D5B4C9841FB68A8A1D7473E89AFAFEE313C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "N.o . poss.vel continuar com a desinstala..o sem fechar todas as janelas do browser.<br/>Prima Ok para fechar automaticamente todas as janelas do browser ou Cancelar para cancelar a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque tem sess.o iniciada no seu computador como Utilizador Limitado. Inicie sess.o como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o Web gratuita",.. NO_THANKS_UNINSTALL: "N.o, obrigado, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Desinstalou o {0} com .xito.",.. SURVEY_OFFER: "Queremos ouvir a sua opini.o. Pode enviar os seus coment.rios para tornar este produto ainda melhor?",.. SORRY_TO_GO: "Temos pena que nos deixe.",.. UNINSTALLING: "Estamos a desinstalar o software...",.. START_HEADER: "Aguarde! Se desinstalar

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3465
                                                                                                                                                                          Entropy (8bit):5.097424545190096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UxdXe3T+ZqUelORd3BZjNfGqhHmLgw0ZIsgUKacbkgmhVXAT1Wh9TEP:Uxt3xPfGqhHmkwKIyK+hx8
                                                                                                                                                                          MD5:31F821DCE9F7D669EFBECDE3185E050C
                                                                                                                                                                          SHA1:B9F6BFE74E7517283C9EC7115FC10F111D1F5429
                                                                                                                                                                          SHA-256:CE25AF25522FDE1E25816A9547D88C4508DB7A8D36820A0B69F49A44A6BE6BDC
                                                                                                                                                                          SHA-512:261F3A5C16E273E37E2C313F1CEBC2925E679C9673E1BBDBE370AB0636BF29584795E38B860E3193D61E2E3E6D366389BFE9CAAF35D9F10EAC6DA58CB7A65423
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "..... .......... ........, .......... ....... ... .... .........<br/>....... ...... .., ..... ............. ....... ... .... ........, .... ...... ......, ..... .......... .. .......... .........",.. ADMIN_WARNING: ".......... ....... {0}, ... ... .. ..... . ....... ... ............ . ............. ........ ....... . ....... ... ............. Windows . ......... ........",.. KEEP_FREE_PROTECTION: "......... ...-......",.. NO_THANKS_UNINSTALL: "..., ........ ....... ...-......",.. CANCEL: "......",.. NO_THANKS: "..., .......",.. SURE: "......",.. OK: "..",.. SUCCESSF

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2602
                                                                                                                                                                          Entropy (8bit):5.668373016806341
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ujo34jWoRebkIk8Am7/fz8x9kJghJhuaO+PUi53yqUA29nsYvrOstk:UjP1Ik8AajJMaavUi5RVgsSisa
                                                                                                                                                                          MD5:D4F9C25D0D28EB10C7A96A40E38980C3
                                                                                                                                                                          SHA1:C15BBE6C5B6380E54F6B08FC69B092A0164E9C0D
                                                                                                                                                                          SHA-256:571E50354EC269C6BA06359A45B739A855B266B7C72C307A65F1E9D79CF9D33F
                                                                                                                                                                          SHA-512:CFD35A19285CE4404110303CC39B0164F206784386EE9B66361745471057B7725EC810D854B1DE83ACF361AF3534D344233A66464FCF750632CC90C49D7BC17E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odin.talovan. bude mo.n. pokra.ova. a. po zavret. v.etk.ch okien prehliada.a.<br/>Ak chcete automaticky zavrie. v.etky okn. prehliada.a, kliknite na tla.idlo OK. Ak chcete odin.talovanie zru.i., kliknite na tla.idlo Zru.i..",.. ADMIN_WARNING: "Aplik.ciu {0} nem..ete odin.talova., preto.e ste sa do po..ta.a prihl.sili ako pou..vate. s obmedzen.m. Prihl.ste sa ako spr.vca syst.mu Windows a sk.ste to znova.",.. KEEP_FREE_PROTECTION: "Ponecha. ochranu pred webom",.. NO_THANKS_UNINSTALL: "Nie, .akujem, odin.talova. ju",.. CANCEL: "Zru.i.",.. NO_THANKS: "Nie, .akujem",.. SURE: "Iste",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Aplik.ciu {0} ste .spe.ne odin.talovali.",.. SURVEY_OFFER: "Radi by sme poznali v.. n.zor. M..ete sa s nami podeli. o svoje n.vrhy na zlep.enie tohto produktu?",.. SORRY_TO_GO: "Je n.m ..to, .e sa l..ime.",.. UNINSTALLIN

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2387
                                                                                                                                                                          Entropy (8bit):5.4861014984584076
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ub2RwcC6S2hGDlCEVFS/+uhRpTSQOa/YmAXXRTsa:UiKRE8ha/HhiQ70lX
                                                                                                                                                                          MD5:7736A64C15E4E9C7E15E0499E8E40DE5
                                                                                                                                                                          SHA1:A1F7B403C9E84B50220E047FF77B389A862CC0F3
                                                                                                                                                                          SHA-256:D5B86BECA01ED3110AA80F81DDBFD916732415157D1586925BBDFB3A07A3E9CB
                                                                                                                                                                          SHA-512:BEF67D2EA14F1A4223A678AEF4C50A1165130D7084E91F69B03C8A129DCFC8C2D52D5341F9B81F429F2AEACBD873C7B6746CB00B39308CED17ED11FBE85099EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nije mogu.e nastaviti deinstalaciju dok se ne zatvore svi prozori pregleda.a.<br/>Kliknite na dugme .U redu. da biste automatski zatvorili sve prozore pregleda.a ili kliknite na dugme .Otka.i. da biste odustali.",.. ADMIN_WARNING: "Ne mo.ete da deinstalirate {0} zato .to ste prijavljeni na ra.unar kao ograni.eni korisnik. Prijavite se kao Windows administrator i poku.ajte ponovo.",.. KEEP_FREE_PROTECTION: "Zadr.ite Veb za.titu",.. NO_THANKS_UNINSTALL: "Ne, hvala, deinstaliraj je",.. CANCEL: "Otka.i",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspe.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo da .ujemo va.e mi.ljenje. Mo.ete li da podelite sa nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to odlazite.",.. UNINSTALLING: "Sada deinstaliramo va. softver...",.. START_HEADER: "Sa.ekajte! Ak

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2300
                                                                                                                                                                          Entropy (8bit):5.474804605063888
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:U2OwbAtfP5E+Ht3zni7IL8wPt2i6W7GvCZCjXAPPeMHi2iwsuwmwOMJxAQ5S:ULwq7t38IfFN7JCaPeMCH4Q7AQo
                                                                                                                                                                          MD5:E4B03825A7303C09DBDF2742B4CDEC47
                                                                                                                                                                          SHA1:7EA5102618AB1081C5B73D57BB3E238F723E8EBB
                                                                                                                                                                          SHA-256:AC45BF99F99422FEA76F025AC059EE8DEDAF45A406716FDEC15DD2F09E9A4D4C
                                                                                                                                                                          SHA-512:31EAA59916A6D5908F5B419517F9781B6D87FC207972394F1C89B4F9E76D19DD42178B31AB123FC21B2BE10E4AA44E4E6B9220CD3F2F8EC13FEF90754A346EAE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallationen kan inte forts.tta f.rr.n samtliga webbl.sarf.nster .r st.ngda.<br/>Tryck p. OK f.r att st.nga alla webbl.sarf.nster automatiskt, eller p. Avbryt f.r att avbryta.",.. ADMIN_WARNING: "Du kan inte avinstallera {0} eftersom du .r inloggad p. datorn som begr.nsad anv.ndare. Logga in som Windows-administrat.r och f.rs.k igen.",.. KEEP_FREE_PROTECTION: "Beh.ll ditt webbskydd",.. NO_THANKS_UNINSTALL: "Nej tack, avinstallera det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nej tack",.. SURE: "Ja tack",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} har avinstallerats.",.. SURVEY_OFFER: "Kontakta oss g.rna. Vill du dela dina id.er om hur vi kan g.ra produkten .nnu b.ttre?",.. SORRY_TO_GO: "Vi beklagar att du l.mnar oss.",.. UNINSTALLING: "Avinstallerar programvaran nu ...",.. START_HEADER: "V.nta! Om du avinstallerar kommer vi sakna dig",.. START_SUB_HEADER: "Och v.rre

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2590
                                                                                                                                                                          Entropy (8bit):5.547653990910053
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UrK+A3WqDVZRmSXdypNsXHp8QbTBtW+R+jNvSvp2DAw0kxnfcOKef3gtlvne1J:UW3WQyQXHpHHBw+R+x680GfF3gtlvQJ
                                                                                                                                                                          MD5:F4D6D9CCB77242DFED6772A64B4BBEF4
                                                                                                                                                                          SHA1:519EF1E4B31514FE2A50612CD086758CEEBA2EFE
                                                                                                                                                                          SHA-256:64C94A44411592C50D7D37587831D19D36FC5B8E7913D84666691BB9EE861F24
                                                                                                                                                                          SHA-512:CB19E90534BEC93426C6F92EB1CBBED852D54E3ADCF3B9E166718F509501A8600CBE4CF39EDE81E25DEE761D72BFA03CE8A8F495B1BADDD3496B235CE6F0C5CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "T.m taray.c. pencereleri kapat.lmadan kald.rma i.lemine devam edilemez.<br/>T.m taray.c. pencerelerini otomatik olarak kapatmak i.in Tamam'a, i.lemi iptal etmek i.in ise .ptal'e bas.n.",.. ADMIN_WARNING: "Bilgisayar.n.zda S.n.rl. Kullan.c. olarak oturum a.t...n.z i.in {0} uygulamas.n. kald.ramazs.n.z. L.tfen Windows Y.neticisi olarak oturum a..n ve yeniden deneyin.",.. KEEP_FREE_PROTECTION: "Web korumas.n. tut",.. NO_THANKS_UNINSTALL: "Hay.r, te.ekk.rler, kald.rmak istiyorum",.. CANCEL: ".ptal",.. NO_THANKS: "Hay.r, te.ekk.rler",.. SURE: "Tabii ki",.. OK: "Tamam",.. SUCCESSFULLY_UNINSTALLED: "{0} uygulamas.n. ba.ar.yla kald.rd.n.z.",.. SURVEY_OFFER: "D...ncelerinizi ..renmek isteriz. Bu .r.n. daha iyi hale getirmek i.in neler yap.labilece.ine ili.kin d...ncelerinizi bizimle payla.abilir misiniz?",.. SORRY_TO_GO: "Gitti.iniz i.in .zg.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2207
                                                                                                                                                                          Entropy (8bit):6.3594701403436575
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UtM+PzEwQSBjFt9CNLX15qklwzATPXtrVeGTGB:UPftMtFzwzUtriB
                                                                                                                                                                          MD5:B59AAAAC52B618223883A3CCFACAB979
                                                                                                                                                                          SHA1:18E34DD3BE96FA167BDFBCA4AE98BF4179145FB7
                                                                                                                                                                          SHA-256:D2222A002F5A1701A470A7E10A1F8A6F6BDA13EDCB3B034A7A0C8C2DCCD6655F
                                                                                                                                                                          SHA-512:86DA8B7860ADB4ED779A57F5C9201D384E0AA28C1151A2862B45EBCA9C2DAA5A47C9C50B44290AED118018B7FA49C3A9DDF5D1273186938F8D0B2587E9CC08E1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "........................<br/>...............................",.. ADMIN_WARNING: "..... {0}.................. .. Windows .............",.. KEEP_FREE_PROTECTION: "......",.. NO_THANKS_UNINSTALL: "........",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "...... {0}.",.. SURVEY_OFFER: "........... .....................?",.. SORRY_TO_GO: "............",.. UNINSTALLING: ".........",.. START_HEADER: "...! ................",.. START_SUB_HEADER: "............

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2271
                                                                                                                                                                          Entropy (8bit):6.363323658706558
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:UtQEPQWGitIGg3V4BxFrtYqbu1bRqAO5qgggF3pA5Bo:UCEjAqxHsG5eEpAro
                                                                                                                                                                          MD5:CC2579B3DFE06ACE43FEA4804C7ECE99
                                                                                                                                                                          SHA1:07CA624B77091EF516C39E27477B469624F7C607
                                                                                                                                                                          SHA-256:9D2A83637796F072C28218B4C5A9CB80820C1109CF1D64428706AECB99A6446F
                                                                                                                                                                          SHA-512:B4DB2369F1CB3951461840FD5CE7840067AFE79CF2C9B90834B4F683ED556462413AF948112EF6E21A7FB5E1F83F42E2ECED838C024DB8D064496AD4EBE761CC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".........................<br/>. [..] ............... [..] ...",.. ADMIN_WARNING: "....... {0}..... [......] ....... .. Windows ..................",.. KEEP_FREE_PROTECTION: ".. Web ..",.. NO_THANKS_UNINSTALL: ".............",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "....... {0}.",.. SURVEY_OFFER: ".......... .......................",.. SORRY_TO_GO: ".................",.. UNINSTALLING: ".............",.. START_HEADER: "................",.. START_S

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.421577842693986
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPLng:Yo6KUtjVLk4t94iU3KNoT8u8ayg
                                                                                                                                                                          MD5:9FE61AB675B400AEFAC96AA167CA4EB5
                                                                                                                                                                          SHA1:402D75F1A5334A0387653D1AB0C72C362653FC0E
                                                                                                                                                                          SHA-256:51990924DD2887EEA7AE572740D016EBBD970FA8015FD40BC2CBCBB63FE19A44
                                                                                                                                                                          SHA-512:7EC5B2692C2F2C8B42FE97AD45A8F7B0DB0F02875B0A362329B39EE33391D309EB179DE9C2C2B3513364111D0851E97253029F768C7B78BAFA7BF4771D5D2385
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.419897316300179
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPcD:Yo6KUtjVLk4t94iU3KNoT8u8a5
                                                                                                                                                                          MD5:A3672F0A0A41208730DD6E62E0AA0275
                                                                                                                                                                          SHA1:CC2892D7780CE64CDD877EC759130C477C0ADD18
                                                                                                                                                                          SHA-256:8C06426F664E2ACABAF1C6EB47752E255C90CADE05482494CA37E1D23EE4F138
                                                                                                                                                                          SHA-512:C790782CCBB777EAEEC1CF7FA4C99445713B45A4960FF9C113DC6D446D2B1D68ADF1CC2A14054072700F230A113CE4189FB0984A4FED0B9827A2872431CAF96E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.409948627721378
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPn:Yo6KUtjVLk4t94iU3KNoT8u8aa
                                                                                                                                                                          MD5:9EFDF51475A43968D6E4718EF377D114
                                                                                                                                                                          SHA1:BE68A01805A1E485F65A5710AD1DE92B16FB83C3
                                                                                                                                                                          SHA-256:4DD8335F3BC0D25322513392868B7E9CDA50107DE370AFD6ED6D0E1B00D75569
                                                                                                                                                                          SHA-512:836EC2DC8AAE109026B4CD1050DF9469FCE61AF45EF171F732D2182EB31F4C4F46018535F3D5A559C367FFEF0F8ACAD964D4783CA6C14A93FC86ABAD335CF32E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.413603514419358
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP7:Yo6KUtjVLk4t94iU3KNoT8u8aW
                                                                                                                                                                          MD5:0E73429D670F5C9CEEA7AF17D2EF9999
                                                                                                                                                                          SHA1:C13A5D362F348ECB94B436B49136B3A94F413891
                                                                                                                                                                          SHA-256:FC6D0B1BCDDDCEE70D03D796A706DFAC88AC0B8BAD72FEA327EDFEE730D8B71E
                                                                                                                                                                          SHA-512:AD52364986752C1407E495027258EC5D3CE5C34E0D86029969DA0CFB93E66E2EA5BA5AEE523F63BAD0601FF601DA3CDAEACE24EC643B48F4B6055FC3710CBBAF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.413406832301877
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPpQ9vm:Yo6KUtjVLk4t94iU3KNoT8u8aA
                                                                                                                                                                          MD5:3F6135FDB0DEAC31D3BD26B3BCB3D9FA
                                                                                                                                                                          SHA1:56F00B405F7750AE50FF74C3751643B294EA9376
                                                                                                                                                                          SHA-256:F524FC64628283054B562D159184E28745C17A0C4F206E06E08427438B4DE5C2
                                                                                                                                                                          SHA-512:044FC79350664633EE117DCA61E2BBFDD93A1581246F022F0C790D0F278F7807B6B74AD90CDD9946E1D1983E7B2FB5CA12E80AF684088A1E414B6EA9DEA54BD2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.4161981543742375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPY:Yo6KUtjVLk4t94iU3KNoT8u8aJ
                                                                                                                                                                          MD5:C390774B91883A1BFCC628C735864D0F
                                                                                                                                                                          SHA1:3CBF5604C05947E86B975BD95109FF1A00E2398D
                                                                                                                                                                          SHA-256:FAE5F9ED555CAF667336B07E6086F878947EAF75501A56C5E5B7848C0EB59630
                                                                                                                                                                          SHA-512:00611AE33EC58A991163DC3FC577912F7118DBFA7525C5716491759C9576EA2BE689CF07459E44BD0658A53169334964E8EBF64179EFD9FD21A936FA85FF4657
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.4133944203366635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPY:Yo6KUtjVLk4t94iU3KNoT8u8at
                                                                                                                                                                          MD5:C369092A4D4530239D42F94D631F683D
                                                                                                                                                                          SHA1:D67FFDAB98A74C4E9A477BE6434A6B38D28E5508
                                                                                                                                                                          SHA-256:C0F9CCE38563A117907543C1EA522CF0D014102324A9EF46660A9B01833895E8
                                                                                                                                                                          SHA-512:17D6EC8C7DC17AA4D2F3A5B89C9CFCBF23903ADBE2AFC6ED938AA8A48C80B5778EB80B8BDA78D72BEE932AD56C4B5CCB743FEAB5D1B9D44D4541ADEBC9369FB3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.421392433119576
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPDH:Yo6KUtjVLk4t94iU3KNoT8u8aIH
                                                                                                                                                                          MD5:4488C6A7EAEC8F97DDD2FBFA467BB3B8
                                                                                                                                                                          SHA1:8DA32ADBB4CD5AE1B793AD8323C78F56EC1ECA41
                                                                                                                                                                          SHA-256:0568B7E9AC97003EDC3DC5E277A4D1925E0E442DC99544E67F3F7ACFF2C1388F
                                                                                                                                                                          SHA-512:7C358DEEAD1A3DD24CFF5B8CB174D5C457D9D898E51D49CD7A8DACDFEDD64DF831028BB73D69B79BD527FB857B4EE354A8C604A41CBF6FF514623378E8EB2EE9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.414224710526144
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPjgH:Yo6KUtjVLk4t94iU3KNoT8u8a6s
                                                                                                                                                                          MD5:EB13CD7B73F29F695F8D2D470D1562CF
                                                                                                                                                                          SHA1:4E9903DA07BF60BAF683C480EB5166AFE3CBA633
                                                                                                                                                                          SHA-256:B867441425FE2997BBF5A4FA90151AB1EC964F7C7821174CBCEBD01994AFB91D
                                                                                                                                                                          SHA-512:3561A7726CDF78AD4CB69CEC055AE51E97FAD3F627067DF65B2421A167DF5D040131714E02A72549EAA5825CBBA1FC927D0C5D06CBB1A31793101F166D11FDB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.413744033444191
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPPD:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                          MD5:04ADB8773162AD4F83BB4B105D7A2D3C
                                                                                                                                                                          SHA1:F5491694EE4A57C273DA2149C55953763FAC8F61
                                                                                                                                                                          SHA-256:940BE99ABE6A2A19259F571D587EB1ABD3940D749DB8A68AC87CAD63C1DD921F
                                                                                                                                                                          SHA-512:2241980DADCD13883DC91A8675B722C64839E4D12792E2BA7F304D805D8718D7DA83307A9D4C0AE3A933EF60902A33197DA7C075F2271B8CEBD4011497D19E35
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.418902385318098
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPmp:Yo6KUtjVLk4t94iU3KNoT8u8azp
                                                                                                                                                                          MD5:8F21889C438D0E7FCD3FBB01936181F0
                                                                                                                                                                          SHA1:3FEC8424E930A0305DC5AFE5456D434667703642
                                                                                                                                                                          SHA-256:9EB1DDE93E8530B93D4A9FAEA2E2934A986621C6A1588DBC1C03E0EA762CE340
                                                                                                                                                                          SHA-512:81003B269E54CD0D48BAC9D28F9459B37F9B15C343849F4EEB7FB64B1CA3EFA6F3B065E778306663E7FF5E3884A7A623FAA549DE4472244D0D93C7AA4AF4BE9D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.4174628836720355
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPp+:Yo6KUtjVLk4t94iU3KNoT8u8aQ+
                                                                                                                                                                          MD5:09ACFE979DDC0083D223A2CD508C0D84
                                                                                                                                                                          SHA1:116BFB0C7B06BF851CC6D6DA0FEF578F008875E5
                                                                                                                                                                          SHA-256:DBB6582ACEAE46401F25DE2AC865AB4FEAC20248FEAA1AC48B41C706AD14AEA6
                                                                                                                                                                          SHA-512:B0F0CEF8F5ADB5675B79149383C7FBCB718FF614592DE6D0D5A010DCFF61C3E459C71A2A0B5A73D635475E3169F2281BC5094BA0A509F060375677EA342C4266
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.4034843296203325
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPH:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                          MD5:679FF7B236A0BC9B892B1DB3CD04014B
                                                                                                                                                                          SHA1:2707E7226882896D6239EA175AD68ADDBA858F3D
                                                                                                                                                                          SHA-256:C8464B790741BFC9D24A96B7360AF3457BDFCC001AB48AE4636AEDBF18E66482
                                                                                                                                                                          SHA-512:88F146D83BC386788541583CC149EE59FF3746A6D391476CFEF2FA6C667C0B07B75988B6A729E7CC474A8023FF88AFAE364536A9E84E30E695FDE3935D54724E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.413672546832975
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPI:Yo6KUtjVLk4t94iU3KNoT8u8aR
                                                                                                                                                                          MD5:D0ABCD9FD9E845BF1290CDA39F3507BE
                                                                                                                                                                          SHA1:4D71FBD13F5830A246A676DF51F42AC52C8AA183
                                                                                                                                                                          SHA-256:420C537B799C6AE58B9E2F809B0FC191AA2E481644186F595469028D652B777F
                                                                                                                                                                          SHA-512:3C3FE99872F8C3AF2FF858A5133FE878F23DB0CF21DA99183D44B3BCD0CFD72A5DCE919BE6CB29992A5496FD654B8FD5EB4804D22A034123C2BC64B2A1BC22AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2008
                                                                                                                                                                          Entropy (8bit):5.909488900192057
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:7vzEJoY7j197RD0AQUSRrNyEimWAwHM3+i3PZOHsciY/oY7BL+WPUJupxJXA0:/ZYt9iAQhRwEimWQ+i3YBLztgJ8xG0
                                                                                                                                                                          MD5:10683AB0B71EBE3C1F51A299B7864D2C
                                                                                                                                                                          SHA1:4416601198B6ABA9F187E0C1434EEAD892EC5C7B
                                                                                                                                                                          SHA-256:A0F936B24F8A84CB6E4B7417C7DD6CA49C6D71C44CBCA1D458461CCFA4BCC9F6
                                                                                                                                                                          SHA-512:748D3E6766123A46371754148D9B32766ECA7561A3F9DB7A3F34A92D2CFA59FACDACD4255486BC9A51F193F1E8104317D6DD2079AAC8AB2B524D6B9E8EEF66AB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: ".. ... ... ... .... ... .. .... ....",.. UT_WSS_TOAST_TITLE_COHORT_2: "McAfee. .. .... .. ",.. UT_WSS_TOAST_TITLE_2: "... .... ... {0}.(.) .. .. ..",.. UT_WSS_TOAST_TITLE_2_STRONG: "... ..",.. UT_WSS_TOAST_DESC_1_VAR_1: "McAfee. .. ..... .... VPN, .. .. .., Premium ...... ... .. . ... ......",.. UT_WSS_TOAST_DESC_1_VAR_2: ".. . ... ... ... .. ... . .. .... ......",.. UT_WSS_TOAST_DESC_2_VAR_2: ".. McAfee. .. ...... ......",.. UT_WSS_TOAST_DESC_COHORT_2: ".. .... ... ......, .. .. .., VPN, .. .. ... ... .... ......",.. UT_WSS_BUTTON_ACCEPT: ".. ....",.. UT_WSS_BU

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.418516889252441
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPKP:Yo6KUtjVLk4t94iU3KNoT8u8aF
                                                                                                                                                                          MD5:B3C02DEC4E232FC624AB0C1E55F6312B
                                                                                                                                                                          SHA1:4658B03C568897D0D1DA1245E243D95E86BEB868
                                                                                                                                                                          SHA-256:3EB1D58410DCCEC475EBF1DB6B892A52188691DACAEB2EC8E667FA64D3119DDF
                                                                                                                                                                          SHA-512:935768715B870599369B004E5B044A5673C3FBFB54F1FE53A36F1605D6FAD1399C2257661C3ED76F58232F60BF38B9A68F18CA7C5E7CE6E921A6C0641083CB1A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.418407979344233
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP/isU:Yo6KUtjVLk4t94iU3KNoT8u8amisU
                                                                                                                                                                          MD5:52573AEC0D6D921E975497F0266F23BB
                                                                                                                                                                          SHA1:E445E213D9A958E02A09630C751E91D2DF68FB88
                                                                                                                                                                          SHA-256:9723D05E9B11A6FF8747957DF31E6FD0D37CE0A6CA1B5FF355D3E8D4C4E9AD2A
                                                                                                                                                                          SHA-512:0A08872AA6F3CBD7976D6BE5E5DBDA0DD7D4546C071F4D0D307E9A7987D6373BC8CDB3DF9C5224B2E69EC75CF1BB1095B4C02E6B41450D1C45C996D730EA3ABB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.411191886747714
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPdgd:Yo6KUtjVLk4t94iU3KNoT8u8ayO
                                                                                                                                                                          MD5:B6E853A5599D13BB5F612EF9AD8E497D
                                                                                                                                                                          SHA1:37A450E00707344D6B97F75B189C85E6FBDA64F3
                                                                                                                                                                          SHA-256:3CF0A5FB0F04EC78B4FDB3E5E305F633EA809EBD157AE825B1FDA59530019EFB
                                                                                                                                                                          SHA-512:69CB3F1F0D88293EE85555AFB296975AA57ABB975ED7B9E25453C90D7939FCE1D83CA42FA5990E33F6D23AFAA297FFF84F8CCF1E7739C15E67DF3D2201337DAE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.419642142736874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPA:Yo6KUtjVLk4t94iU3KNoT8u8a9
                                                                                                                                                                          MD5:F2964EDBA338BF8C3448180A1103A0B9
                                                                                                                                                                          SHA1:80C7E663F9EC61A3C7D02AA651FB0E6825C09E06
                                                                                                                                                                          SHA-256:A8151AA386FFBA740FC887DE1B77717A9192789B371D4393CD29D60ED9B7EB88
                                                                                                                                                                          SHA-512:1534BE7ABCD235B79394993E499748944BF216D091768DCCEDA7484E76D64C46F3501BDEC69B7C12A9F76965892475584529C12FE8CB59EB0B34D6E2228BD70D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.416188183976697
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPT:Yo6KUtjVLk4t94iU3KNoT8u8a2
                                                                                                                                                                          MD5:B621CE9D127DEA90D5B356C0621533CD
                                                                                                                                                                          SHA1:4EADEE73CE9E83B86F2DE551054518AA5C2D2AEC
                                                                                                                                                                          SHA-256:D9FC7D632EEFA7C04DAA892858D730569E9ACCF79EEF69E20354A19B4A0C9548
                                                                                                                                                                          SHA-512:5F9C0E575C3B51C9D8264160937D07B2D04540DDD688EC9AF3C31981786F928CDEA5172832CF6F90F438B493E65413DCB879B92DEDAF86096D399FA53DAA5E20
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.421464808614118
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPb:Yo6KUtjVLk4t94iU3KNoT8u8a2
                                                                                                                                                                          MD5:78F2AC106B4B5DBA5BA1E3A49A1C2EBB
                                                                                                                                                                          SHA1:79D5B6D8AF4C28F41299619DA439893E0B9E911F
                                                                                                                                                                          SHA-256:66CAC992D653ACE527EC60F7134F481456C25CD62F1ACCDC0D2720D7EB5D987F
                                                                                                                                                                          SHA-512:F6A7E6C1E6D2BC678AEAFA25DD5609A2E8FFFCD92FA6752EECA69EC33B15ABF704D9099AA19C883385959369103541D82D20B16CB4BE9DE70855D8A5B589C8EF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.419498727672663
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP3H:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                          MD5:2E52C69A19D3C7EE73E3B4FEBF98F5D2
                                                                                                                                                                          SHA1:3E42280B017D03E04AD54E0BCEC0649BFB0088C6
                                                                                                                                                                          SHA-256:DDF44D25CF0196F680F43E9DE89CAF0ECFEE299DE1C943EB6DBCD6E1338CEEB2
                                                                                                                                                                          SHA-512:F28E167B0608DA1A7D49ECF6ECFC1A89B3A49F47867A49D6DF1B8A09E9D82EE93CE8F7284C9ABEE0B23F7E0C7F0F57D35AE097A478919164D8DB44A8CD284020
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.4174647835949745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP6r:Yo6KUtjVLk4t94iU3KNoT8u8a7
                                                                                                                                                                          MD5:1952E5DD26BCABA52EB1809DD35FC27D
                                                                                                                                                                          SHA1:869C956A9C66E2371B0F95E0AD6311323926D4A9
                                                                                                                                                                          SHA-256:41D6AC5C30C06E6F1342C699F0479115A2BE08ED8B0527A88E26751DC2A7DDF1
                                                                                                                                                                          SHA-512:D8520BD10CD7C26664BF16EF21853397A3824A88A90D07C413D06CCC1B7CD28E63672C3F10FC84C12E267089A2029371989A01B5517384C3B3624F55EBCF2552
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.407751420560367
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPqYL:Yo6KUtjVLk4t94iU3KNoT8u8aNYL
                                                                                                                                                                          MD5:CDAA2CC07FBA9C893F81D2FC43722BC1
                                                                                                                                                                          SHA1:81D8D73C23167AE95DFB4D4EEBFAD502DD7E8CF2
                                                                                                                                                                          SHA-256:94D40769CD5CFA698C1D20BD20BF8192141D612CFBAC077F3B40AC4E42A09930
                                                                                                                                                                          SHA-512:82A23AA8DA5E8B98EAE67D2705953AEF1673A0C5ECC5582435CE79681AB57B86528FE5279646350E85A4DA4E47463B4D0A32663D3C1FEF9A49BC3E2BA7AABA70
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.415854621104547
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPug:Yo6KUtjVLk4t94iU3KNoT8u8a7g
                                                                                                                                                                          MD5:DEC587EADBFCEF562C3FE22C8EE0D213
                                                                                                                                                                          SHA1:942A2388B313A96CBAC4F0A23556CA2C8E39ED7B
                                                                                                                                                                          SHA-256:D8D1560A39D5756E3613DCA69156E11D7899E589B861818D056F87E0B80B59AD
                                                                                                                                                                          SHA-512:BB68351E3C0AF86929E92A5A36BCD0BB55A390019AE9F0FAC159AF2019685C4DFE4C81251C51D849C359321A5AC301766E9474023795F7FD49E8CEF856AA5E0C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.418590506750218
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPZS1t:Yo6KUtjVLk4t94iU3KNoT8u8agO
                                                                                                                                                                          MD5:A594F29F65A7459ED90AC4A1087029BE
                                                                                                                                                                          SHA1:19BC2C3F3E7A5331E4A59F39F50121855905D4C2
                                                                                                                                                                          SHA-256:22D72E4BEEFE897605B4548656925F7790EEEF7317272CA35C26302821F5502F
                                                                                                                                                                          SHA-512:84C428B0B890BAFFE6B073F552F207F784302D4E5550137DC59D8D9BB1D44E5C465EC13A950A03C7A5F5337B4167D6CCBA36BA91091CBD839CBDA9AF7BE9ED66
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3601
                                                                                                                                                                          Entropy (8bit):5.40638253326414
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPPY:Yo6KUtjVLk4t94iU3KNoT8u8aeY
                                                                                                                                                                          MD5:67A1529C4568AE5C4E2AC3A63DF33C99
                                                                                                                                                                          SHA1:317DF42B5A1680B3A093580D423C60D4BAB37D6B
                                                                                                                                                                          SHA-256:7F9F04214166818007111A861D5812888B2E87772C7B5E84A7B511686C57D218
                                                                                                                                                                          SHA-512:7E7F88E083B6857C4427BA720431ABD030E6A84751F1388134206D077FD6EE7DA3434258246BB0BF0830B575F17473740A89D043CD65FD152B1F50A5291EE38D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1260
                                                                                                                                                                          Entropy (8bit):5.772215715910839
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPy7dadSybOjRlnkggpHlnEAKETUy6fQXKb6fMocWjq1EU:PyRaSgCLyZgfQaCMocWjen
                                                                                                                                                                          MD5:35584AC9B786234394C8B70C8FA6AC35
                                                                                                                                                                          SHA1:AC700C057336AA7C96548C1CE11D30D2D259F722
                                                                                                                                                                          SHA-256:11187D284C306769E3F08F01E6ED01C9F94299969607CAE708BAFD47A59FDB2E
                                                                                                                                                                          SHA-512:8555070A8F1F8D2C376B0341E92D631D1F040A80888E8830A577AA981F9EFE3827590F0F8D3332E4B0E46F5A34F53754BFBDDB2DCFB4978B21CD851ADAA7897C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.skejte aplikaci {0}",.. BANNER_RIGHT_TEXT: "Zrychlete proch.zen. internetu",.. TITLE_FIRST: "Zdr.uje v.s nep..jemn. automatick. p.ehr.v.n. vide. p.i pr.ci?",.. CONTENT_FIRST: "Proch.zejte internet rychleji pomoc. aplikace {0}. Zastav.me automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek.",.. TITLE_SECOND: "Posledn. uji.t.n. . chcete zastavit automatick. p.ehr.v.n. vide.?",.. CONTENT_SECOND: "Aplikace {0} zastav. automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek. Pokud o aplikaci Web Boost nem.te z.jem, nebudeme se znovu pt.t.",.. NO_THANKS: "Ne, d.kuji",.. YES_GET_IT: "Z.skat aplikaci Web Boost",.. LICENSE: "Licen.n. smlouva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1184
                                                                                                                                                                          Entropy (8bit):5.493379571388782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPVdSoggneOKTDy3DHZXQTDITDy3DHM1qrjgHMf8WpK8+kGdJIVj:P/SojnMDkD5+DWDkD/CMf8W74JGj
                                                                                                                                                                          MD5:205CFFD766ABF808BB30C34EE05B4ABA
                                                                                                                                                                          SHA1:09114D40CB7256F915BA7036C3FBDC836E95CA39
                                                                                                                                                                          SHA-256:54A11C149265195665A5683B9ED4DA615407D01C37B14EBDD48ADABD82B76281
                                                                                                                                                                          SHA-512:707CD9E4EB76B0E7A5C2E5D41E773E3EF11E9B863B6E1904F42E2BDE363BEBBE2B3AC103A69BB44A9774000A9B82AFA7932CA99CE05D91FA2496525E04F9FFE7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hent {0}",.. BANNER_RIGHT_TEXT: "G.r browseren hurtigere",.. TITLE_FIRST: "Bliver du sinket af irriterende videoer, der afspilles automatisk?",.. CONTENT_FIRST: "Med {0} kan du surfe hurtigere p. nettet. Vi stopper automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet.",.. TITLE_SECOND: "Vi sp.rger lige for sidste gang: Vil du stoppe automatisk afspilning af videoer?",.. CONTENT_SECOND: "{0} forhindrer automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet. Hvis du ikke er interesseret i Web Boost, sp.rger vi dig ikke igen.",.. NO_THANKS: "Nej tak",.. YES_GET_IT: "Hent Web Boost",.. LICENSE: "Licensaftale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du kl

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1153
                                                                                                                                                                          Entropy (8bit):5.4998219823651135
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPRPcuFic3c4kEZkxQ0jwkIWDBpfCdEIfkSWFHCn+Gx:PRkU3c4xZEjw1WLmhfBWF3Gx
                                                                                                                                                                          MD5:1769F0B2E4704D0A487D97B9CF07B526
                                                                                                                                                                          SHA1:31CA3771EC4F63FD2F8003379AC7226288AEE18F
                                                                                                                                                                          SHA-256:C1C718E195530D312DF8C0AB602FE8314F9E23691C23CF0C7DFA4451A4E7479C
                                                                                                                                                                          SHA-512:2CBCBF569CB781CFD7257641F247A0ED1648B4B2A59ADCEEFDA1371E0600F697695353902228DFB49AF70F2A30EAB9EB2E2F26FE573A9356991136CEC49DFBC7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} herunterladen",.. BANNER_RIGHT_TEXT: "Surfen beschleunigen",.. TITLE_FIRST: "Wird Ihr Browser durch st.rende automatisch wiedergegebene Videos verlangsamt?",.. CONTENT_FIRST: "Surfen Sie schneller mit {0}. Wir stoppen die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen.",.. TITLE_SECOND: "Letzte Nachfrage: M.chten Sie die automatische Wiedergabe von Videos stoppen?",.. CONTENT_SECOND: "{0} stoppt die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen. Falls Sie nicht an Web Boost interessiert sind, fragen wir nicht mehr nach.",.. NO_THANKS: "Nein danke",.. YES_GET_IT: "Web Boost herunterladen",.. LICENSE: "Lizenzvertrag",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Durch Klicken auf {0} stimmen Sie Folgendem z

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1666
                                                                                                                                                                          Entropy (8bit):5.276007230044297
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPcdh0GeuxX+8PFGIPg+c8NS0I5mmiKfQOQryfRXCWkHW3uUIOM4ckS1:Pah0G1+8NHc8mv46fIWkHW3uUIScky
                                                                                                                                                                          MD5:750F6354F3C1DAAC685A13A2BBCAC0B7
                                                                                                                                                                          SHA1:0471C8CA5222DF85D04FF4C94957DC2A18D43D13
                                                                                                                                                                          SHA-256:FA9C971A81F8BD3695119C0D9172B79C8D1F37F3549422CC96025A8F8129058A
                                                                                                                                                                          SHA-512:649A64C9A72BFA316C3E71CE8315E759639FCA9735DDE910D9C67F26D29D5FA06E40DD3B42C527B7198C8439148036778E302285825741DD51FE2CB6637FB0EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "......... .. {0}",.. BANNER_RIGHT_TEXT: ".......... ..........",.. TITLE_FIRST: "........... . .......... ........ ........... ...... ... .............. ...;",.. CONTENT_FIRST: "............ ........... .. .. {0}. .. ........... ... ........ ........... ...... ... ........... ... ......... ....",.. TITLE_SECOND: ".......... .......: ...... .. ......... ... ........ ........... ......;",.. CONTENT_SECOND: ".. {0} ......... ... ........ ........... ...... ... ........... ... ......... .... .. ... ... .......... .. .............

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1000
                                                                                                                                                                          Entropy (8bit):5.56075824951649
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPSdHKCjkAyNRtOzeWaAb5LOze8WRSonGfQX0CWP9A91C9uNhzu:P0/nyNRtlWhb5Ll8W2fQJWPu91EwS
                                                                                                                                                                          MD5:64583F0ABA7A4186E415D77218B7E672
                                                                                                                                                                          SHA1:28CB70402C9F58D0C1326A81CACF7A590ACDF150
                                                                                                                                                                          SHA-256:1FFA0B8D9DFAC39AD0E45D79FEC0BFD16C77185DAB792A906F88AD39FA0605B9
                                                                                                                                                                          SHA-512:08B8C6CAF3305DEA24B3FE1E8BF52EAD2161BB2445AF5D7ED7674530AD7D0ABE74A91F92DD25AB58429D8ADDF999193E419C0402C4747E4D996BD90A6F1019FF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Get {0}",.. BANNER_RIGHT_TEXT: "Speed up browsing",.. TITLE_FIRST: "Annoying auto-playing videos slowing you down?",.. CONTENT_FIRST: "Browse faster with {0}. We'll stop videos from auto-playing and slowing down your browsing.",.. TITLE_SECOND: "Checking one last time--want to stop auto-playing videos?",.. CONTENT_SECOND: "{0} stops videos from auto-playing and slowing down your browsing. If you're not interested in Web Boost, we won't ask again.",.. NO_THANKS: "No, thanks",.. YES_GET_IT: "Get Web Boost",.. LICENSE: "License Agreement",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "By clicking {0}, you agree to our {1} and {2}."..}..//4720748BE27465304240FDBD315F2AAE6A7A79C5EE1211FA36CD7AB9BA8916B06BA6027F9DA702C2AD7805617C166B89D36A1B58D5D2A3B46BC73859E9F0EDD1++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1169
                                                                                                                                                                          Entropy (8bit):5.504340578436135
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPDV7dKPMce+abJtZ5hZUsMNei5hZGSHGNf9gnW+l5ww8:PJRCMceXbJrnAeingfGWWww8
                                                                                                                                                                          MD5:4E2EBF3C90B102D9AFD14F0245DABC5C
                                                                                                                                                                          SHA1:81064E6F4F70F4DC40920F8EF6636F0AFC1120F8
                                                                                                                                                                          SHA-256:785B165B34601A7D239BD554770BAF0B7AC050D5D665C5258056E946575DAE83
                                                                                                                                                                          SHA-512:068F3D29D2FE998D536ED9B8B2221D1D6E016F0EFB63C56FDE2721469E4EE12E7AD76CC0858C80085758BFA0401E83B09CF1ABE96844A03A8EB53CB8D0E87416
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtener {0}",.. BANNER_RIGHT_TEXT: "Acelerar navegaci.n",.. TITLE_FIRST: ".Los molestos v.deos de reproducci.n autom.tica entorpecen su trabajo?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Impediremos que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet.",.. TITLE_SECOND: "Se lo preguntamos por .ltima vez: .Desea detener la reproducci.n autom.tica de v.deos?",.. CONTENT_SECOND: "{0} impide que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, ac

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1126
                                                                                                                                                                          Entropy (8bit):5.509097532884307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPydhtceEumJUqeJmyUe8EFXjeseZqSHGNf9gnW+l5wOrlAv2:PUhtceEumJUqePUeVtjes5fGWWw4O2
                                                                                                                                                                          MD5:653FA3D4DB0656089D8EE55D413CB59E
                                                                                                                                                                          SHA1:C61B475CF2E096DF6FC88059AB001BFCB9735365
                                                                                                                                                                          SHA-256:4041E229FEC34DB623A3A789400712CE248EC88188BF0CC468CB82DC4AC4B30E
                                                                                                                                                                          SHA-512:F94F389A8F87CAD019C3BDB60D8CF35B7EFCF4CC3065E937FE95FEC1F8E543AE48B5B869601EDBA1BA6EB1E38312E6452B43E7E5B446CDC6E4C6D6A3D1ED27E9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenga {0}",.. BANNER_RIGHT_TEXT: "Acelere la navegaci.n",.. TITLE_FIRST: ".Los molestos videos de reproducci.n autom.tica lo ralentizan?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Detenga la reproducci.n autom.tica de videos que hacen m.s lenta su navegaci.n por la web.",.. TITLE_SECOND: "Su .ltima oportunidad: .desea detener la reproducci.n autom.tica de videos?",.. CONTENT_SECOND: "{0}detiene la reproducci.n autom.tica de videos que ralentizan su navegaci.n por la web. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, acepta nuestro {1} y {2}."..}..//6865

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1104
                                                                                                                                                                          Entropy (8bit):5.521656371165339
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPNdI11Y5jxKjrdTcv+qjYbKjrdT7vVa6EafIWd+H1g29Tqd:Pnc65jxKjJAfEbKjJPgafIWoVg2li
                                                                                                                                                                          MD5:7774BF229837F1B9B7BF1D8735BE1714
                                                                                                                                                                          SHA1:F405A7A0329642844EADCF17A42C57B2B34130A1
                                                                                                                                                                          SHA-256:83D4E504D43FD0B2C10582E000E7246F9E250CF8CBC9F6C3C874938825029E04
                                                                                                                                                                          SHA-512:9578CBBEF03CEBBE7DEC6BF9B3B406E221B8596C90DAE554488524E9A09A0DB5BA0720ECF10DF2965A0E2F25660842C49A86314636A68171F27CDD3336E96C25
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hanki {0}",.. BANNER_RIGHT_TEXT: "Nopeuta selailua",.. TITLE_FIRST: "Hidastavatko .rsytt.v.t automaattisesti k.ynnistyv.t videot menoasi?",.. CONTENT_FIRST: "{0} nopeuttaa selailua. Est. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi.",.. TITLE_SECOND: "Tarkistetaan viel. kerran . haluatko est.. automaattisesti k.ynnistyv.t videot?",.. CONTENT_SECOND: "{0} est.. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi. Jollet ole kiinnostunut Web Boostista, emme kysy asiasta uudelleen.",.. NO_THANKS: "Ei kiitos",.. YES_GET_IT: "Hanki Web Boost",.. LICENSE: "K.ytt.oikeussopimus",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kun napsautat {0}, hyv.ksyt seuraavat: {1} ja {2}."..}..//2A309CCE73146E96FB63676D6B

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1197
                                                                                                                                                                          Entropy (8bit):5.4715773971999635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPFd4FWZ8+GS85J9gUPIk6J9gU1qqKGfvW//aM6+pTI9HG:Pv4gZ8+GSYJmFJmsfvW1VTIU
                                                                                                                                                                          MD5:8E9C2CCDFB4A03F5521258D4DAD10A44
                                                                                                                                                                          SHA1:3DA1F19EBCAEAE171ED02143943898C613D6B016
                                                                                                                                                                          SHA-256:58E2C4AF21F2AECEF37F3787BD0FBDF9346601634802B617CCF1C9FA98BA5342
                                                                                                                                                                          SHA-512:3BBF2BB2BC7A2D3F76C7A2EF8722D5D683C43D751F31AD74E1431375E7561700118E876DAF5C0A86ED024A404DFFDFAFA2976318BA5DBD39396680562673281E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "Votre navigation est-elle ralentie par la lecture automatique de vid.os?",.. CONTENT_FIRST: "Navigation plus rapide avec {0}. Nous bloquerons la lecture automatique des vid.os pour .viter un ralentissement de la navigation.",.. TITLE_SECOND: "Nous vous le demandons un derni.re fois.: souhaitez-vous bloquer la lecture automatique des vid.os?",.. CONTENT_SECOND: "{0} bloque la lecture automatique des vid.os pour .viter un ralentissement de la navigation. Nous ne vous sugg.rerons plus Web Boost si vous n'est pas int.ress..",.. NO_THANKS: "Non merci",.. YES_GET_IT: "Obtenir Web.Boost",.. LICENSE: "Contrat de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Avis de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "En

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1198
                                                                                                                                                                          Entropy (8bit):5.516846127697029
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPFd4n2vFhChN8zp42hBWxH+3wjq4CfjdW/kXT8n:Pv4n2vbCN8V5ohCfhWZ
                                                                                                                                                                          MD5:5AB999C61567AF63D8B300CB8F4AD48C
                                                                                                                                                                          SHA1:575CD8D48E6D0E8E47EF0F078B6ADDEE2499AF90
                                                                                                                                                                          SHA-256:6D862BC51900C77742443CB50C960F713F070ED23BE2267AEDBCDC763E800EA3
                                                                                                                                                                          SHA-512:DF151B291401FD228B2F63248556BF2AE1E1E6BDC914E39AA1390098DD0A146F597A935CF3A11CEE37F3474AEF9CEB439F122FE41CE008B7F3097A744A676725
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "La lecture automatique des vid.os ralentit votre navigation.?",.. CONTENT_FIRST: "Naviguez plus rapidement gr.ce . {0}. Nous emp.cherons la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation.",.. TITLE_SECOND: "Derni.re v.rification.: vous souhaitez bloquer la lecture automatique des vid.os.?",.. CONTENT_SECOND: "{0} emp.che la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation. Si vous n'.tes pas int.ress. par Web Boost, nous ne vous demanderons plus.",.. NO_THANKS: "Non, merci",.. YES_GET_IT: "Obtenir Web Boost",.. LICENSE: "Accord de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG:

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1126
                                                                                                                                                                          Entropy (8bit):5.5929737504614705
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPuddK6oPnF2h0fPnFvydoZSfgBoW7ZFb8unoVcD:PAoJmyh6fgBoW7ZBBn6cD
                                                                                                                                                                          MD5:D000EC780C028620DF149E57E85B4B96
                                                                                                                                                                          SHA1:FFA1AF0ED8D23282E734E2B61E8A5DC5E39830E2
                                                                                                                                                                          SHA-256:7478901B7DB0D175E9803B9CBC8F0B9BC6BDE51CF18F89D45C359B1E7863DB5F
                                                                                                                                                                          SHA-512:392CA51D2F7A575341CDD32F26C352AD59EB5E3A2C9809291371F61DEC7FB8ED8E2EDC43AC292DAD42E6306E68BD3AA9F977735D8F440C24C5BB0401C73040BE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiruju.e auto-igranje videozapisa koji vas usporavaju?",.. CONTENT_FIRST: "Br.e pretra.ujte pomo.u {0}. Sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Najnovija provjera - .elite zaustaviti reprodukciju videozapisa?",.. CONTENT_SECOND: "{0} sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, ne.emo vi.e pitati.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Licencni ugovor",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na gumb {0} u nastavku prihva.ate sporazum {1} i {2}."..}..//60E0

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1214
                                                                                                                                                                          Entropy (8bit):5.686044216902248
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPUXeUzUbI0mSCkFThSCfHPMDy7n7fn6ocWPNyUhSJGC15:P6Ub06f6ocW1ycC15
                                                                                                                                                                          MD5:F04C3F700B1D9A618945BF197A592F94
                                                                                                                                                                          SHA1:8351E7E24C5287D36E604DAC386485A8A0AD8006
                                                                                                                                                                          SHA-256:83990FF4B3FD6A14475E16288AEAA1BA412ACE77312D1E6357091F37DF863936
                                                                                                                                                                          SHA-512:41E48C90A4D7795B6D6FD425E2B2E6C9E37CECA9A034ADFC3BC2F3E3DF2EE9ECD712EA3841B7B29BCDA750FF83CA7C1A1D8F654340CEC330B139201D6355A2B3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "A {0} let.lt.se",.. BANNER_RIGHT_TEXT: "B.ng.sz.s felgyors.t.sa",.. TITLE_FIRST: "Bosszant., automatikusan elindul. vide.k lass.tj.k munk.j.t?",.. CONTENT_FIRST: "B.ng.sszen gyorsabban a {0} seg.ts.g.vel. Megakad.lyozzuk a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st.",.. TITLE_SECOND: "M.g egyszer megk.rdezz.k: meg szeretn. akad.lyozni a vide.k automatikus lej.tsz.s.t?",.. CONTENT_SECOND: "A {0} megakad.lyozza a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st. Ha nem .rdekli .nt a Web Boost, akkor nem k.rdezz.k meg .jra.",.. NO_THANKS: "K.sz.n.m, nem",.. YES_GET_IT: "A Web Boost let.lt.se",.. LICENSE: "Licencmeg.llapod.s",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1108
                                                                                                                                                                          Entropy (8bit):5.445177805596594
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPMd7T0JakK38gx/SS11ZuBWMfjkWFt8K3/oGhb9:PKX0Jah37yWMfjkWFyK3/vhb9
                                                                                                                                                                          MD5:96F813E0388159704675245E019001A9
                                                                                                                                                                          SHA1:67DCC82E84E8D9D76579321637F11E8A3D501F22
                                                                                                                                                                          SHA-256:675A9FBCA2B4FED8AC9C52403C833626F232FAB3B5A51ADAABD9A1008F2C1663
                                                                                                                                                                          SHA-512:2108451E99086CA1F383417A35F525BCDB36C594166665CF0FC9AEF04B823F623506E092DFF1846FFF66B0D2AAF007DCD8D05323B06DF28F15E5EF784800AC2D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Ottieni {0}",.. BANNER_RIGHT_TEXT: "Accelera la navigazione",.. TITLE_FIRST: "I fastidiosi video che si riproducono automaticamente ti rallentano?",.. CONTENT_FIRST: "Naviga pi. velocemente con {0}. Bloccheremo la riproduzione automatica dei video che ti rallentano la navigazione sul Web.",.. TITLE_SECOND: "Ultima verifica: vuoi bloccare la riproduzione automatica dei video?",.. CONTENT_SECOND: "{0} blocca la riproduzione automatica dei video che rallentano la navigazione sul Web. Se Web Boost non ti interessa, non te lo chiederemo pi..",.. NO_THANKS: "No, grazie",.. YES_GET_IT: "Ottieni Web Boost",.. LICENSE: "Contratto di licenza",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Facendo clic su {0}, accetti il {1} e la {2}."..}..//22509397807425AFADDB89

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1276
                                                                                                                                                                          Entropy (8bit):6.005430500861147
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cl/yRv8dFdqOdsgWOep2Ht+LRvcsvifh2AWtufn7ThXgwkIG:VyRv4dqqspnDRvbifwAWtsPJgwkj
                                                                                                                                                                          MD5:FB76FC02B19FB66CEA9BAC64C588FA14
                                                                                                                                                                          SHA1:B045AE1E35EDA30B7C5BC342C92DBF1EF974D7BD
                                                                                                                                                                          SHA-256:4591276FC32E0938D15E718FEDD49A5402A20001E1633DB642E49D43A4540EA1
                                                                                                                                                                          SHA-512:BDAE9375030813135A62F71EE81CE740BA771769A1E978C5B8E5C1DBD6B434BF69CBE2349E29682478BDCC0F56DDE99F50C0713743065F75383A1A7182DF232A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: ".....&reg; .......",.. BANNER_LEFT_TEXT: "{0} .....",.. BANNER_RIGHT_TEXT: ".........",.. TITLE_FIRST: ".......................",.. CONTENT_FIRST: "{0} ......... ...............................",.. TITLE_SECOND: "...........................",.. CONTENT_SECOND: "{0} ................................. ................................",.. NO_THANKS: "...",.. YES_GET_IT: "............",.. LICENSE: "......",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "........",.. PRIVACY_URL: "http

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1251
                                                                                                                                                                          Entropy (8bit):6.065152294905446
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cxJLqkS5WCtU2htU6iiZTjfbWIYlgkYJtu:rlKi0fbWIYOkiu
                                                                                                                                                                          MD5:01D7894C4F0A7D0A486FAADBBEF53BF3
                                                                                                                                                                          SHA1:6BCF3F14EE8DF64BB31B6C907D7E88D1D873EAAD
                                                                                                                                                                          SHA-256:DEE5AD1000D1CB76839D865FADEEDDA30479A0E84B33584983500475A3F22FAF
                                                                                                                                                                          SHA-512:7656A7F7717DC258E33CB7CE84B5CCFB373CD8078497DC45551E66DF992CFB0A7B4F7BE071432293FAFE0494305EFF70F65F82F7B340F936BF818B27FDE08B33
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; . .. ..",.. BANNER_LEFT_TEXT: "{0} ..",.. BANNER_RIGHT_TEXT: ".. .. ..",.. TITLE_FIRST: "... ... .. .... .. .. ... .....?",.. CONTENT_FIRST: "{0}.(.) ... .. ... ........ .... .. .... .. .. ... .... .....",.. TITLE_SECOND: "..... ........ ... .. ... .......?",.. CONTENT_SECOND: "{0}.(.) .... .... .. .... .. .. ... .... ..... . .. ... ... ..... .. .. ......",.. NO_THANKS: "...",.. YES_GET_IT: ". .. .. ..",.. LICENSE: ".... ..",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1112
                                                                                                                                                                          Entropy (8bit):5.496690529097096
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPymdI+c1iPRRj+7+yR+2nr4rtR++Moj+wnMfQwsHWpx4ZOX:Pyoqg5QJ/etrMojMfQPWX
                                                                                                                                                                          MD5:ED82B8B0815D33E2078D05A64EED3AEA
                                                                                                                                                                          SHA1:92C3E5E055B8C4F73A0C1884975E8E984CEBBB7F
                                                                                                                                                                          SHA-256:EBAF5162874B119EA995F85EB41BD0220F39ABEEFED3EB3D15864D60E01AC7C4
                                                                                                                                                                          SHA-512:7C46259AE5060CC6DC56B28ED7B004884B7753CE7BC3147E805BAD11A13191B058A8712D8B6E31B0675FB60FCB826D2B2CC579C3C6669830C946D445A04A24E1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "F. tak i {0}",.. BANNER_RIGHT_TEXT: "F. opp farten p. nettsurfingen",.. TITLE_FIRST: "Sinkes du av irriterende automatisk avspilling av videoer?",.. CONTENT_FIRST: "F. raskere nettsurfingen med {0}. Vi stopper videoer som spilles av automatisk, slik at de ikke sinker nettsurfingen din.",.. TITLE_SECOND: "Siste sjanse . vil du stoppe automatisk avspilling av videoer?",.. CONTENT_SECOND: "{0} stopper automatisk avspilling av videoer, slik at de ikke sinker nettsurfingen din. Hvis du ikke er interessert i Web Boost, vil vi ikke sp.rre deg igjen.",.. NO_THANKS: "Nei takk",.. YES_GET_IT: "F. tak i Web Boost",.. LICENSE: "Lisensavtale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du klikker p. {0}, godtar du v.r {1} og {2}."..}..//496264484E8BED8A84

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1206
                                                                                                                                                                          Entropy (8bit):5.443359066757402
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPMdeWjkB8UjFpXIMtRBviSqLwz4tRBviV3rEFihdEMtB2pQXbEnWtB221G+p99:PKeWniFpYMtz1qDtzsr7djPuQQWPxGwj
                                                                                                                                                                          MD5:E2110B836D9B395F21EAF5A193846F1D
                                                                                                                                                                          SHA1:C8734B326942C1D16998261CFEA22D7E9931EE71
                                                                                                                                                                          SHA-256:877265F05C7E6ACB0CAF6EE86C831329F3357A1C5440EAF192A35755B7D6BE24
                                                                                                                                                                          SHA-512:F41B3B8701D113049ADFC23792CDB0DB9CC350B7F77D4483762C7521089B5D91F74BCC779D1F63E1553328EA9F824BA01B6187265EEE9D3AD78FE54F8EC8E91E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Download {0}",.. BANNER_RIGHT_TEXT: "Internetactiviteiten versnellen",.. TITLE_FIRST: "Trage prestaties door irritante video's die automatisch worden afgespeeld?",.. CONTENT_FIRST: "Sneller internetten met {0}. Wij voorkomen dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen.",.. TITLE_SECOND: "Weet u zeker dat u automatisch afspelen van video's wilt stoppen?",.. CONTENT_SECOND: "{0} voorkomt dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen. Als u geen interesse hebt in Web Boost, vragen we het niet meer.",.. NO_THANKS: "Nee, geen interesse",.. YES_GET_IT: "Web Boost downloaden",.. LICENSE: "Licentieovereenkomst",.. LICENSE_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. PRIVACY: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. AGREEM

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1217
                                                                                                                                                                          Entropy (8bit):5.6700805556738585
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPGdrelNj+8d2gQwYsklKGoTE3abMfXMGGnWjM/z9eWlrERhH:PIrevjvd2gRcljfmWjteAH
                                                                                                                                                                          MD5:4AA248F4DBA9B7E937ED2DC6AE67D2C9
                                                                                                                                                                          SHA1:BADE0083A61CBAFDD4F3AA9C36629C090AD1A91B
                                                                                                                                                                          SHA-256:2AE4B9F55E29D26760929871A092AE41FB15A5C75E13022628946F2E8AB4783D
                                                                                                                                                                          SHA-512:CC60547BD2AB94F47B2E81DBEB076A32AFFEA3FB5D11A39AB2AF387D5E060AEEB216C68BF7DC865C5E5107BF5DFBB3460D9893FBAA021D9282A72FA94541A85F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Pobierz produkt {0}",.. BANNER_RIGHT_TEXT: "Przyspiesz przegl.danie Internetu",.. TITLE_FIRST: "Irytuj.ce automatycznie odtwarzane filmy spowalniaj. Ci prac.?",.. CONTENT_FIRST: "Szybciej przegl.daj Internet dzi.ki programowi {0}. Powstrzymamy automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci.",.. TITLE_SECOND: "Sprawdzamy po raz ostatni . chcesz powstrzyma. filmy przed automatycznym odtwarzaniem?",.. CONTENT_SECOND: "Program {0} powstrzymuje automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci. Je.li nie interesuje Ci. program Web Boost, nie spytamy ponownie.",.. NO_THANKS: "Nie, dzi.kuj..",.. YES_GET_IT: "Pobierz program Web Boost",.. LICENSE: "Umowa licencyjna",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1162
                                                                                                                                                                          Entropy (8bit):5.5107078162206635
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cP4djLetDhf8CL369L3yM03Byf9HWfOBIolfBLD:PmjLifLq9LCMhfBWGBIollD
                                                                                                                                                                          MD5:887A302F32B6C5833304E3DCF8CACBD9
                                                                                                                                                                          SHA1:C6BAB3BBDB718BBA28439D942059ACE2F698FAC6
                                                                                                                                                                          SHA-256:819990A8D3616CD8E75C4113DC58AFD3F63A9B1964C9BFF71410A15E9336178C
                                                                                                                                                                          SHA-512:D12E5F9F3E16EA4CCCD3513406FDA71806934653AB48149C5C769A44B449F036D2E1596B3EA1D252418812600AEE9B4E1C883E90B2AD4C9D8AE7D248096A81F9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenha o {0}",.. BANNER_RIGHT_TEXT: "Acelere a sua navega..o",.. TITLE_FIRST: "O v.deos irritantes de reprodu..o autom.tica est.o atrapalhando voc.?",.. CONTENT_FIRST: "Navegue mais rapidamente com {0}. Interromperemos v.deos de reprodu..o autom.tica que desaceleram sua navega..o.",.. TITLE_SECOND: "Conferindo uma .ltima vez. Deseja interromper a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "{0} interrompe v.deos de reprodu..o autom.tica que desaceleram sua navega..o. Se n.o estiver interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obtenha o Web Boost",.. LICENSE: "Contrato de Licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, voc. concorda com

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1147
                                                                                                                                                                          Entropy (8bit):5.5124495727770295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6dJkfeI3duQBCXV9j8/TfYGCAVXAxuQ3oKtcnEheASulWZhHjDkE6pRY8gHwGbq4:6cP3dWF+fYGGxf5SQ03x6Sf9HW3Xmfk2
                                                                                                                                                                          MD5:DF620B4314E93736FF7C71147BCE037A
                                                                                                                                                                          SHA1:243692569F8B832F918AC5006261D5572DD2B7C0
                                                                                                                                                                          SHA-256:65B5BF52B5491DC090F026A0323CEBB0B05D048FE85AB6B6EEE84BBDCE59CB69
                                                                                                                                                                          SHA-512:B23BC4D7E38985A271FB18FF4727D32654E7C8C9555B907998F75478F9D1030B390F246B8B0421F39EC0FA73C99074A7E32E95373EB9798F8AC44809B7EBFBDC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obter o {0}",.. BANNER_RIGHT_TEXT: "Otimizar navega..o",.. TITLE_FIRST: "A reprodu..o autom.tica de v.deos . inc.moda e atrasa o seu trabalho?",.. CONTENT_FIRST: "Navegue mais rapidamente com o {0}. Impediremos a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o.",.. TITLE_SECOND: "Vamos confirmar mais uma vez, pretende impedir a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "O {0} impede a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o. Se n.o est. interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obter o Web Boost",.. LICENSE: "Contrato de licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, aceita o nosso {1}

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1673
                                                                                                                                                                          Entropy (8bit):5.253020883068515
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPMd9+PJr6H30J3vlfL4qR30NZHxsVyY3DM30NZH6Xho4qs35sngONfQrWWFw0B:PKgN6a39f9+sVX0Rws35BONfQrWWFLM0
                                                                                                                                                                          MD5:5DD3091205864CC054B2BED7AAC0C4FB
                                                                                                                                                                          SHA1:515AF5F30D759F6A499358188B3A6215DC3BFABA
                                                                                                                                                                          SHA-256:245289AC6A8466C5CEDD37475851622EFF28D4E4A9BD0475B09B9628ACD2F0B3
                                                                                                                                                                          SHA-512:8E57FBD23DFE6AFEC389FC89C9202BD36DBE7FF0ACFAF30A81183633D7A43825EC2075627B8B85DD9E1639925507598AA836BCC05F90C997B8D450D045A18897
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "........ {0}",.. BANNER_RIGHT_TEXT: "........ ........ ........ ...-......",.. TITLE_FIRST: ".......... .............. ............ ..... ...... ........?",.. CONTENT_FIRST: ".............. ...-........ ....... . ....... {0}. .. ........... .............. ............ ............, ..... ........ ........ ...-.......",.. TITLE_SECOND: "........ ....... .......... ............... ............ .....?",.. CONTENT_SECOND: "{0} ......... .............. ............ ............, ..... ........ ........ ...-....... .... ... .. .

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1171
                                                                                                                                                                          Entropy (8bit):5.761957648272607
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPGd2mcJsq8vMi8zJ0+46fQXwWjelzfhthovQo:PINesPtKFfQAWjwzjhmd
                                                                                                                                                                          MD5:558DE1A054602D76385CFBD74DB161F4
                                                                                                                                                                          SHA1:9052C94BF3728E795E9B357C0AA536E271CAFD0B
                                                                                                                                                                          SHA-256:6E1029A70C282EB6878477EA62417609947C9E4FD59CAF5CD5976F697DB21FB9
                                                                                                                                                                          SHA-512:EDBF31E8755EE5D4BAAA157C3DB387779E78EB587479C1324C071D9D06C279C09B3A52B444FCDBBE662BD3BEC841DF119983383314CC97AB054F0DFC4D7514E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.ska. produkt {0}",.. BANNER_RIGHT_TEXT: "Ur.chli. prehliadanie",.. TITLE_FIRST: "Spoma.uje v.s otravn. automatick. prehr.vanie vide.?",.. CONTENT_FIRST: "Surfujte r.chlej.ie s {0}. Zastav.me automatick. prehr.vanie vide., ktor. v.s zbyto.ne spoma.uje.",.. TITLE_SECOND: "Naposledy sa p.tame: Chcete sa zbavi. otravn.ho automatick.ho prehr.vania vide.?",.. CONTENT_SECOND: "{0} zastav. otravn. automatick. prehr.vanie vide., ktor. v.s brzd.. Ak nem.te z.ujem o Web Boost, nebudeme sa op.ta. znova.",.. NO_THANKS: "Nie, .akujem",.. YES_GET_IT: "Z.ska. Web Boost",.. LICENSE: "Licen.n. zmluva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prehl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kliknut.m na tla.idlo {0} ni..ie vyjadrujete s.hlas s

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1112
                                                                                                                                                                          Entropy (8bit):5.570641306627158
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPud3hBmY2dFwHPhtDmY2dFWoZ1fjjWxOxwzQ:PA3hBmY243mY2HfPWxOaU
                                                                                                                                                                          MD5:20B2EEA989F913978CB658F552C77CF0
                                                                                                                                                                          SHA1:A18E6054BB1B11B1CFC5461E22E69DBF112C7CC0
                                                                                                                                                                          SHA-256:74185F6279166C70E47A5B0E2C5F53E39364F916028296CCC30AA98D8349B915
                                                                                                                                                                          SHA-512:7F232B59898334536C2B07E2ABABDC2908868C2873CA0D28407A4AFCB254637D8F66C3D60D19F36386E0BFBC262D9A2564C55818CC6E7715CE2530D2EAF49F12
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiravajuc.e auto-video snimke koje vas usporavaju?",.. CONTENT_FIRST: "Brzo pretra.ite {0}. Spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Proveravate li poslednji put - .elite da zaustavite automatsko reprodukovanje video zapisa?",.. CONTENT_SECOND: "{0} spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, nec.emo ponovo da vas pitamo.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Ugovor o licenciranju",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na {0}, prihvatate {1} i {2}."..}..//04AE79C9BE25E98BB4

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1116
                                                                                                                                                                          Entropy (8bit):5.608523955833537
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPYodlhp2AtRW5Tm0XECCyK45Tam0XEEHh6qrTojI/HfMXGWNI5WmKO+bO:PYWXYAbWRmsEkTamsEEBbHYIffRWqpKQ
                                                                                                                                                                          MD5:29C1808A36FAB01F0A16BB89052E4603
                                                                                                                                                                          SHA1:C0602D3A5F476076300BEE133A012A9AA98A51CA
                                                                                                                                                                          SHA-256:3215360E7DCE6F598F5EDEF1BC6A2088715689683400E955A7C776C8DA85693D
                                                                                                                                                                          SHA-512:C71001668BF21DC36CF88FA68BE8BED8B214A6F45BE7C3418A578D58A0A39711FF1F29EF7FFE0DEB1CC060D5E6ED163E0F856D1B7B78535017AFA9B275A5A8FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "H.mta {0}",.. BANNER_RIGHT_TEXT: ".ka hastigheten p. surfandet",.. TITLE_FIRST: ".r datorn l.ngsam p. grund av st.rande automatiska videoklipp?",.. CONTENT_FIRST: "Bl.ddra snabbare med {0}. Vi stoppar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande.",.. TITLE_SECOND: "Vi fr.gar f.r sista g.ngen . vill du stoppa automatisk uppspelning av videoklipp?",.. CONTENT_SECOND: "{0} f.rhindrar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande. Vi fr.gar inte igen om du inte .r intresserad av Web Boost.",.. NO_THANKS: "Nej tack",.. YES_GET_IT: "H.mta Web Boost",.. LICENSE: "Licensavtal",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Genom att klicka p. {0} godk.nner du v.rt {1} och {2}."..}..//FAC366FD80549C

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1173
                                                                                                                                                                          Entropy (8bit):5.6698292539374044
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cP/XRGHmeqM6+bBNLefXtexcJYOEvKxUew53ksNefXtexcJ6dp7hVE9tClfs2QU:P/XRGHmelbBFevBuv7ew53NevBS1nwOx
                                                                                                                                                                          MD5:A47E52695D26A9D44A52C95891C5DAAD
                                                                                                                                                                          SHA1:238E7986F01B4CD1EF0007FFDA47982F1F2DDA6A
                                                                                                                                                                          SHA-256:8A2BE15BAC94FC4C65F85AB47F1FFE82E1A9FF92E27536BA0E729654134ECA64
                                                                                                                                                                          SHA-512:A2AF1912171ACE4B619265DCA28FB0635BD948CE4496654340DBAF9AC30688FFB409DE3D4F4C30E89DFE71EB7B0BE22A7E71799BEA93A0F308DDDC2F3C7299A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} Uygulamas.n. Edinin",.. BANNER_RIGHT_TEXT: "Web'de gezinmeyi h.zland.r.n",.. TITLE_FIRST: "Otomatik olarak oynayan can s.k.c. videolar sizi yava.lat.yor mu?",.. CONTENT_FIRST: "{0} ile daha h.zl. g.z at.n. Otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdururuz.",.. TITLE_SECOND: "Son kez soruyoruz, videolar.n otomatik olarak oynat.lmas.n. .nlemek ister misiniz?",.. CONTENT_SECOND: "{0} otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdurur. Web Boost'la ilgilenmiyorsan.z tekrar sormayaca..z.",.. NO_THANKS: "Hay.r, te.ekk.rler",.. YES_GET_IT: "Web Boost'u Edinin",.. LICENSE: "Lisans S.zle.mesi",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "{0} d..mesine t.klayarak {1} ve {2} ko.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1062
                                                                                                                                                                          Entropy (8bit):6.421114200378586
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cyPdC/0RFVLakZxaoK4K1nfmHWMm3YmSJSyrqs9GZujn:yVC/0VLvLVSf4WMPmMSyz9Hjn
                                                                                                                                                                          MD5:635F2A0611035E12DBD5A05796795F56
                                                                                                                                                                          SHA1:F0A32248F74D5EBCE6FBA778AEBB373A0754AE53
                                                                                                                                                                          SHA-256:B440D737480AECDBCC21AF7D7479CB7604F0DC245CE97F2C009DEF17967E0816
                                                                                                                                                                          SHA-512:1AAD70B7ECF4D2342406C1A93E124B0CC1D8AE06FAEAA63D0DCC4858C8F30DA62F6DD5D2A8E2DEA7D378442AF8D1B2A0A89D5AD3D373E877CCE70E0A3A225F4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "...&reg; Web ..",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "......",.. TITLE_FIRST: "....................?",.. CONTENT_FIRST: ".. {0} ........ ........................",.. TITLE_SECOND: "....... - ...........?",.. CONTENT_SECOND: "{0} ...................... .... Web ...............",.. NO_THANKS: "....",.. YES_GET_IT: ".. Web ..",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0}.........{1}...{2}.."..}..//DA967F30A8397D87D36DCF865371223DB42D757877A05E23F893E2F4F82CF12F2293

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1018
                                                                                                                                                                          Entropy (8bit):6.3837742402318005
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6cPGdRXudZh7df/9cIDlcFesbfOKU6D8Gfg1WJ9xIKHk:PIBudv5H9cIDMy9opfg1WJzg
                                                                                                                                                                          MD5:9E05238B81150CA18CEF8E66BD797CE0
                                                                                                                                                                          SHA1:4421AA76C2A28C879E87A9242A6597D62E910297
                                                                                                                                                                          SHA-256:CB56CCA7ED6A897A9E261344CECBBFDB5D6F089487D476BF386A3B3AE1135A5A
                                                                                                                                                                          SHA-512:F68354A2B07F788E144B5C6EE8A9721FD33A6B72317CFCDBC7BF173622AFE8A82FB51A26029D152EB72CABD87D948E09D829888BE9F36A2710EF68D73125F04C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "....",.. TITLE_FIRST: "...............",.. CONTENT_FIRST: "..{0}....... .....................",.. TITLE_SECOND: ".....................",.. CONTENT_SECOND: "{0} .................. ... Web Boost ..............",.. NO_THANKS: "......",.. YES_GET_IT: ".. Web Boost",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0} ......... {1} . {2}."..}..//42C12F96FD2519022C33BDB7AC557CECFF9F9EFF2C6F5652DD1BC4DCC7995D9A6B8931EE4D5DC460A1E45462C6DCDB43541650932759178C

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-cs-CZ.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.255815433151384
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Acq:+sv+K5+CtTFCqsUz0AUoey+Acq
                                                                                                                                                                          MD5:09FE12E7B96C35AB16275AAC9490E159
                                                                                                                                                                          SHA1:0A7BF96950CCDDBDE7E96797E26684E8E0944DFE
                                                                                                                                                                          SHA-256:B93A8AD83FE4F8C51C5ABE313A28C5CBDB0E7DA2A551419EE7C341871EEF1A0E
                                                                                                                                                                          SHA-512:0A21B76054D7C96E3F651AAF414598878F2FC889CA3E7538014A7EC07FD106536136513AC0367321BB9E46A7BDD9D82E9D1A0DF3413FF6FB078E27C53AD9C59B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-da-DK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.258749941419516
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+fmO:+sv+K5+CtTFCqsUz0AUoey+v
                                                                                                                                                                          MD5:8D9FE269136A5DF4FFE099F9FE8B4002
                                                                                                                                                                          SHA1:F34E58A062622A0D99D16DC2232B98391B07FCDC
                                                                                                                                                                          SHA-256:66D643DA365997B123D65F98E68AD2AFF2547B8F25C0D68CC5D6DED8873798EB
                                                                                                                                                                          SHA-512:68C3925090228934195645BDDFE0AB7D91EEA63A47540E442A761B775CAC87929203A4056CC1BE2EB88E44B77E54D799EDFC79AF05ED7C839AE332C76D2549B9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-de-DE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.2549369997060795
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ggDJZ:+sv+K5+CtTFCqsUz0AUoey+gmj
                                                                                                                                                                          MD5:E35D0D20EA41CD143C7D31A901FA8A32
                                                                                                                                                                          SHA1:CEA9DA88E29C7B7D5628A8406658033E1577F699
                                                                                                                                                                          SHA-256:872EF7BCC59BF8E5CF85C674ED0E633A5EB24E629A6503A32BFC8E15BC750FCF
                                                                                                                                                                          SHA-512:7A654D4EF451615BF749567FAD96922AC8E9767222D0F457028EF7E053081FA3889C54AB9E3C8A5EBD5EE4D66EF5CF0AE2A1B79C5E8A3C7BA26848C3EE437DFC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-el-GR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.258626910218937
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+aC:+sv+K5+CtTFCqsUz0AUoey+aC
                                                                                                                                                                          MD5:E1AB8C2442B2032745741C8387A44921
                                                                                                                                                                          SHA1:1F9788F1205BAB4ED35235F126A58EE8285F9B0A
                                                                                                                                                                          SHA-256:DF6AF6D8FC279CFDA071EB2EE78C2FCC056B03AE9F9FBBF714ED354B78E75432
                                                                                                                                                                          SHA-512:325F114C3ED7890F85411C2795F11D7756726FB8BD31F06EF57F5F6ACE58757BACD4057C6AB539839588E78D02779019FA23480EB1A846F1CBA3FE3EBB621129
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-en-US.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.26473179591435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+HP:+sv+K5+CtTFCqsUz0AUoey+v
                                                                                                                                                                          MD5:7E536037355A4C8EA13AED6EDEF9DA4D
                                                                                                                                                                          SHA1:B115858D0A1155EF74593617F3FD530FB1A8291B
                                                                                                                                                                          SHA-256:B57458084F1C6289464D5D11749F3DE67CB44D997DE2843E5BCD357CE7DC1EBC
                                                                                                                                                                          SHA-512:D688AA9FFB3CEFC5A0E78D95817B760632965C9469DBAFBA3672B576E618FEA37745779C957E0DDD605FC4DEFAF053587F641D5F92E83098D234D108EC880092
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-ES.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.24948020806169
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+rq:+sv+K5+CtTFCqsUz0AUoey+u
                                                                                                                                                                          MD5:AC41CD01C5C11D401371B80BCD2E9AEF
                                                                                                                                                                          SHA1:641298528F0449266F0057849D46B94B70052010
                                                                                                                                                                          SHA-256:A5990EACEF537A81CADC4611C4F6ED48307AB98CDBB62B3D602321BF730D90D8
                                                                                                                                                                          SHA-512:31B690DC064269D23CCBBC36463E968439CD229475517FBB0A7B5DEC5346DBE119DDEC68C16B84ADE7795DEB782B12434A995EF64B081984BC45758228C80EBD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-MX.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.25725111754855
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+I27:+sv+K5+CtTFCqsUz0AUoey+I27
                                                                                                                                                                          MD5:D139AA10295D4D66CCA63FFCCE9034BC
                                                                                                                                                                          SHA1:07B2D175355CCC53FC778727B6B073C7A927CB23
                                                                                                                                                                          SHA-256:6246C9C3EE0BF94448B0B5548773B7FCAB27C7F94BF73C4CE3DA8502E6BD6132
                                                                                                                                                                          SHA-512:99A48E6E090ACCA0AF3EE6462503A1F6DC7405A2FCF9425F3834F790F4F7C9E54CAFF4AE2C9B3FF9509B9473A032CBC4381DA6636ACADAA351C96215A29D4A98
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fi-FI.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.258169866605646
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+h+dyaZ:+sv+K5+CtTFCqsUz0AUoey+hm
                                                                                                                                                                          MD5:B85ABB5D7F27AC91BF9EF84B5C3F8DA5
                                                                                                                                                                          SHA1:3B02A6BFA38525E275AC11A5D39F27E923B83747
                                                                                                                                                                          SHA-256:12B221759491901EBB0A3F27B17BD615FD11F02061BBD171E1D8B022B3217721
                                                                                                                                                                          SHA-512:1081D7D0AA811A2A275AE3A9937B7C2AF79534BBDEA646467EC97460EA0E822D70BE97F76E7ECB02F39C0A86564860576E7F6593452D48D30F407FB1F18E07DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-CA.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.260510627760021
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+9pc/:+sv+K5+CtTFCqsUz0AUoey+9+
                                                                                                                                                                          MD5:73FF3BCCDF7C1CE2739C762A9D79BE79
                                                                                                                                                                          SHA1:145AE5141F73E99C8087141C52BDE36A716B09F4
                                                                                                                                                                          SHA-256:E4F4E6BCE8482DA96ABDEEF2319C6C211BF6ABF4D976C9A4AE01DD6B0E4EEF3A
                                                                                                                                                                          SHA-512:02CF71D13AC5C4DC34A9EFD39C31A9F2131C10F9E9623444CBDB9C8320CC899D5611282AC8CF07233CB8023C24D584D2DE0243E3BA0675223D52203169072263
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-FR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.25607038325692
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+kp+1:+sv+K5+CtTFCqsUz0AUoey+u+1
                                                                                                                                                                          MD5:5461449179F53521618D358AA2399C95
                                                                                                                                                                          SHA1:8114987C08ED15AA6372899C7405C728AF02365F
                                                                                                                                                                          SHA-256:9E6D35A5E3F71E7FB4D0503FED68181305CC5BF7557B3B532F29785AA7F3502D
                                                                                                                                                                          SHA-512:DADCC0160A219045C4C752BA688F6ECE9A9DBA099BAE80D2A843E5E965BF6B3019697DE2B5ED1F80AE584A55DAE4E226C889ED92DD6DA286312D57B520859349
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hr-HR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.260888352905892
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+jpOnumQOev:+sv+K5+CtTFCqsUz0AUoey+9ZmQ3
                                                                                                                                                                          MD5:604FF7C86E5A753DB6140217807081B1
                                                                                                                                                                          SHA1:78CFEE03DCFEBE9F3D21ACF10D643E93F0410947
                                                                                                                                                                          SHA-256:658D263EFFF36A0C8E57D58F5D146696266618D869732A4F57CBAACB8B937E9B
                                                                                                                                                                          SHA-512:764BE04E4F10B9C2C9A2BE69A10AD570AC146008DF9BD5485FC0DE81BCE96C084BD68F46A1BA24E51E6258498EBA3DDC3BB38DAF5178C79F9D4CD031A7CC411D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hu-HU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.266427629105407
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+eq8ee:+sv+K5+CtTFCqsUz0AUoey+eq/e
                                                                                                                                                                          MD5:568912B1E4655CDD8ABEF25C2D9EB64E
                                                                                                                                                                          SHA1:46936BCC2D6E924F4E608286447E93A9E7AFBA8A
                                                                                                                                                                          SHA-256:A4ADAFD5A6EE98640F4C45446436CCAA299CBB571C4EAF17207CA5EDD0BC4B88
                                                                                                                                                                          SHA-512:C723CE14D9E4C6B22C46ED9D1E8D1751D97778A671E055D1CF10A456C5CC096B52D660EB23E40BB61EA5F6B071F66BC6A015CEA50B481617AC3985B37A59688E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-it-IT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.2456289487653285
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+x6y:+sv+K5+CtTFCqsUz0AUoey+x1
                                                                                                                                                                          MD5:728DA5B1FBA9401D5954B173DB414DFC
                                                                                                                                                                          SHA1:ACA844DEBD3C8F284D19E16D50151E004DDDF656
                                                                                                                                                                          SHA-256:EC051DCCABF2CECEB0F216BB8911F5EED4E64AD598A228008F2AC72F769CB8B9
                                                                                                                                                                          SHA-512:2C4A9A746E937FCCAA161BFBC368DC5E17C37941A8DC8D7153865C43EFDE2C7395DB4BE6E0D95D56C22791DED84402960C301BEC21EEFC7A1939F81092FFC878
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ja-JP.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.261577620433791
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+jBbNr:+sv+K5+CtTFCqsUz0AUoey+1B
                                                                                                                                                                          MD5:A4781D22BC1BA74F63A8E62AB9A4D987
                                                                                                                                                                          SHA1:89DB90647D0539C7B6A65ABE7049C5DEC4733B7D
                                                                                                                                                                          SHA-256:91B20B7B40EFBE8185F3BA2E3C53BBDC58AC0F68A028873D37951578C28BD08F
                                                                                                                                                                          SHA-512:7BB38C51ADFFC7EB2AA5F4E1753BAEC15043A54887B0793B9210F74FB577975663BB8BB5FFF9838B7A342D7908893972838E6A48A28AA8181C4059EE30A3599C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ko-KR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.249923494889432
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+X:+sv+K5+CtTFCqsUz0AUoey+X
                                                                                                                                                                          MD5:C875E4673332B21AF00F0A2F2A98A4D0
                                                                                                                                                                          SHA1:AB152736BFAAE6F3C0D1780730257DFBC65F0A4E
                                                                                                                                                                          SHA-256:C8B4304C22E2EDE9FE6A4D6DDACE9446D9F1F5A12806CDC4B030214C99A3973B
                                                                                                                                                                          SHA-512:EFD3411B3FF6B02C42B3373A8F2C2B9CE6D8E7443B8A4F5F43421166FA7737DAB4635446019EFDB0AA3796319494E874EF4E6AA51976583BC6F2FFFF9EE19980
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nb-NO.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.249500943614529
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+9jC:+sv+K5+CtTFCqsUz0AUoey+9O
                                                                                                                                                                          MD5:FDCA9C26797C23FFBA696632DA5AD10A
                                                                                                                                                                          SHA1:5A11B096812CDFAB01732620C1801465D14BAC95
                                                                                                                                                                          SHA-256:6672D19A7833DCCF5139573657910053F040FCF05326CC112CB66C171AAB6FF7
                                                                                                                                                                          SHA-512:93ECA0BFDFFA98EFE26E9446650B8A8831DB80B1994D9855F527D4CB7DCBC098938F411B1EFDFCB4D61BF8B859C5A94B879C57D162CEFFED2D63DCE44A6F6CB0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.246937070314897
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+TDC:+sv+K5+CtTFCqsUz0AUoey+TW
                                                                                                                                                                          MD5:3EEA13D100ABAE41A13E345689E4F262
                                                                                                                                                                          SHA1:8C14A8874BDE4632FC85ECA470C4CD6179292BAF
                                                                                                                                                                          SHA-256:DA482FCE7F9444CB4750BA11B21162CAFC09ED16551074FF944065F7146A7DE1
                                                                                                                                                                          SHA-512:31435BB41CCDD3285A9279AEA89CBAD6FCFB703A9F783C88C93D21E1FB6C0498754EBA1E322800BECB546FFF1B7DBE348647D9C388AFFC42DDED9A792EF9A991
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pl-PL.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.253179062882507
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+R3wlF:+sv+K5+CtTFCqsUz0AUoey+dQ
                                                                                                                                                                          MD5:48D45A955DC961FDF220ADE6DEF69793
                                                                                                                                                                          SHA1:5CD0F5BCA17D5C5626678F31D215CEEC6A27F96B
                                                                                                                                                                          SHA-256:9984C016483DF6E8B3552451534C4E18B42CD3D827F4C369BDD574BB5E5B1209
                                                                                                                                                                          SHA-512:B47FCE991257C036468A66B5DF2C72F1BF2D4FB95A607E3CFCB4A091134DBAFF567AD20592A615F1051171ABE4AFBD25E75F0B85A80B21A3BCE65803DB5BCABE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-BR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.262451795310626
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++mq8p1Q:+sv+K5+CtTFCqsUz0AUoey++mXPQ
                                                                                                                                                                          MD5:D956575A64DE678908FFB8CEFC2D6B39
                                                                                                                                                                          SHA1:2ACE5530B16B6A90B51C23FB48147331EFC0C08F
                                                                                                                                                                          SHA-256:AADEA0781FF909FEA482CF7EF2298B1D7151BFE51C0966690F6EBC7E7A25994D
                                                                                                                                                                          SHA-512:058D20B8B1730C715992ADF60304277F307644236517ADF1E8A815E874EB965A3BCA6290593A832ACABBEDCDE35FE446BEBC8E96F9C5FC3DD6182CB8F19DE181
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-PT.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.267063923875303
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Of0H:+sv+K5+CtTFCqsUz0AUoey+H
                                                                                                                                                                          MD5:95C6E5167BF31C0F915EED7163A930B8
                                                                                                                                                                          SHA1:9A9A108F6E42BFBE92A27B1806569CAB962DDB9D
                                                                                                                                                                          SHA-256:EF1D54ACCC383DE429BB0487C045A63A01BDAB8FBFA0CFC807F9AD3836F76CB4
                                                                                                                                                                          SHA-512:80A3EBE515C43C40DE24E7A24FAA0AA83D756D6FA317FD58D5940DF776D04D19E35F3CD524C1EFC22F3C1CB05B9134BBA04904252B24C9FF955C2C99F4D10CC2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ru-RU.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.257459656988995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+cx:+sv+K5+CtTFCqsUz0AUoey+cx
                                                                                                                                                                          MD5:B55FCCA4A4CC4FDDF428CF3D41DC5FAD
                                                                                                                                                                          SHA1:489F21E89EA446A47D865B3A08090D1C545296A3
                                                                                                                                                                          SHA-256:D6C1C7C20335FB7CE04FA077F8462DE9B64D81E454CD5B695A376C06BDCF3563
                                                                                                                                                                          SHA-512:7539E9E912E567FC7FD471506B5980E07B25166E58B5FCC876989C29982665E7D2612524BFB8D8CEC78E2CB2E1EC9FCDEA8B771FDDEB88698F5B98373CFCAD30
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sk-SK.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.250747676593963
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++BH2+h:+sv+K5+CtTFCqsUz0AUoey+CH2+h
                                                                                                                                                                          MD5:93FCBA60FCE4A902457B19D483D1EF37
                                                                                                                                                                          SHA1:C20ACE7F4A5DAB11496ECAFE3810C2D0EEE11E60
                                                                                                                                                                          SHA-256:533CC246A0375F2330D0CEC542BEC87040A42BEDD2B0D693EC06EA12E785BCDC
                                                                                                                                                                          SHA-512:33D3483B1CE08CAB5161725DD0E8ACFEB130F953ADA9B65A208C36E4215E48B2C4432B95A1EA5BC118D9619610FC4369152F3C41006015939B67710F801B08FF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sr-Latn-CS.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.264120563543988
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ugxH0OX:+sv+K5+CtTFCqsUz0AUoey+XKOX
                                                                                                                                                                          MD5:4E16F2DF0C5AE0730112815DBA14EA73
                                                                                                                                                                          SHA1:599CCA3A2CC02AE81BDA230ACBA2C7A2A7C4FAC9
                                                                                                                                                                          SHA-256:205A2633ACD1EC30491A5556172C5281E41C23B0237530EBDC8517CC0C64ECA7
                                                                                                                                                                          SHA-512:E286AC531471A82A92C2817AF2C06E079F79D71E3C0F4FC8007E59A8C0AB6A206BC170876B6AC336FDE56D0F6DF217B86119DAFEA3A3F87EA9B04D9D6D1B16A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sv-SE.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.2547729771089555
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+BiOBO:+sv+K5+CtTFCqsUz0AUoey+B7E
                                                                                                                                                                          MD5:C28AAD7101D47619F5A140E967C7285D
                                                                                                                                                                          SHA1:53101D540DAC65CA09EB40E2E0D214B11E90A11F
                                                                                                                                                                          SHA-256:77C27A824B50D0CC00591DD12513EA2648F1EE693A93E08D846CED2B467EE914
                                                                                                                                                                          SHA-512:DF65933B7625CB9109D53F2CAD260201CAFED80CA9597C6CF57797D4C121A1F445F6726D1EF457FDBEBC7CB12A3584A8E1EDFE075E39D9964EC4A115B87DB438
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-tr-TR.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.256845597743145
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+oj8:+sv+K5+CtTFCqsUz0AUoey+oo
                                                                                                                                                                          MD5:1CF522B93D68580DC403017497715104
                                                                                                                                                                          SHA1:820F27C0745DB2943E531FE66FD90A6320039849
                                                                                                                                                                          SHA-256:0C679C6DE3944586EA09F370506E398E220211E6D312B2A9F34CFA790F79AD04
                                                                                                                                                                          SHA-512:3663E24C57C87348D8600206CBF368F2E53A441967A5256467DE8E0609EA602A48E58F3FA790A29457E7F0E80F0F9F9A09E10046602C32323B8E41819562B68F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-CN.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.252334490525137
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Gg7:+sv+K5+CtTFCqsUz0AUoey+Gg7
                                                                                                                                                                          MD5:0D3BFE421022498BE9051237F86FC49D
                                                                                                                                                                          SHA1:7F1C25D6CF27ACE555540A5734D7FE8A2994E8FA
                                                                                                                                                                          SHA-256:E2ADEC91EB998B4D67F8237C8375E611011752C949017BB28394CA1849E62917
                                                                                                                                                                          SHA-512:4480837D5760DBD1FA9C94BFE93DD894D9A5F81AED3100F9C8E446B1537D6FB9A8071B4F0D68F577AD5510CD2BD1FF1DB3DC1AC22B38C96A0E06E6C338F367E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-TW.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2380
                                                                                                                                                                          Entropy (8bit):5.252688604348839
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+5Lz:+sv+K5+CtTFCqsUz0AUoey+5H
                                                                                                                                                                          MD5:B11557016DF48AEB013C9E883C8B2894
                                                                                                                                                                          SHA1:4F58C7F0A0571AB3F62D564413C5B7580D1DB536
                                                                                                                                                                          SHA-256:7C066023DEFE028F546EBDF290A1B226BFDCE8903195AA811C12FEAFDA60D5D9
                                                                                                                                                                          SHA-512:2F3DC52C555ED1B4865FB69150E7308894ABC751F56832A805E7CEB05C1F61421FAF1A64F98C6022502182985FABDB33D008D7C7C11C84E45845C96667AB9C00
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\aj_logic.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2893
                                                                                                                                                                          Entropy (8bit):5.5085933045855295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:+eV+P0Xb5sb0Po/U0cHLKDJea6xVIfXUckHUTkZ6yXbo06Ev+3TlJR9Y:+GLrPo/aHLZBIfsn8JY
                                                                                                                                                                          MD5:2D4A669FDE1A14F55CDD7EB0EF287C59
                                                                                                                                                                          SHA1:A43F895B5E2C6242AB0F4432D447B3E9838CD49D
                                                                                                                                                                          SHA-256:91D67E5AA2345B028163226FE40999E64CFE7B9EA231794E0268E636FD0E7D71
                                                                                                                                                                          SHA-512:F87E4D980DF816E2FCCCBC3E374EFCD3FD8CB3C4B2DC27610FAB2BD320899C9578ED054EC2B769293DE8CB17AC2EAEC5B205321615F9A15168FF60E407FF3A8D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ.......... 6...9.......9...'...B...6...B.......X...6...9.......9...'...B...+...L.......9...B...6...9.......9...'...6.......B...&...B...L....tostring)[BL]: is_aj_blocked: end, returning .is_active1[BL]: is_aj_blocked: standalone installation.get_oem_implementation.[BL]: is_aj_blocked: start.info.log.core........O6...9.......9...'...6.......B...'...6.......B...&...B...6...9...9.......9...+...-.......B.......X...6...9.......9...'...B...+...L...-...B.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...-.......'...B.......X...6...9.......9...'...6.......B...&...B...+...L...4...6...9.......9...'...B...'.......J.........Ewacore:mfw\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html8[BL]: aj_logic.get_template: returning toggle toastJ[BL]: aj_logic.get_template: current extension annotation setting is .ALL..GetBrowserSetting1[BL]: aj_logic.get_template: suite is active;[BL]: aj_logic.get_template: AJ toast was seen already.does_browser_setting_exist.BrowserUtils.utils. and

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1804
                                                                                                                                                                          Entropy (8bit):5.794129827458554
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:5y/BcaU1lu6t2gCqXXm3Oh0KxAACL/w6ns:5y/BcYUtiS0KxApL/s
                                                                                                                                                                          MD5:D57F36EB1F2C6F2685EB68A6939F718F
                                                                                                                                                                          SHA1:70BCA36AA02B54ED2B80C084F3E15B3D39E7821A
                                                                                                                                                                          SHA-256:600D76503BEBF9EAC51F5F6FBE4265E362F11EDA723DFC8DDE006D579AC4419A
                                                                                                                                                                          SHA-512:F4F48C102E397EF639311F40A97B8C97ED905143434C3F4B918B5A5837FC7EFE4DB1A3290FF7D0702E9A0680D3D6689CE7CCB8222985E765E5BAA1ECB8F1732B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..8.......=...=...=...K....providerName.providerId.priority........+...L...........+...L...........+...L...........+...L...........+...L...........K...........K...........+...L............6...9.......9...'...6.......B...&...B...'...5...'...J...]file:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.html..."secure_search_toast_variation..?wacore:mfw\packages\webadvisor\wa-ss-toast-rebranding.html.tostring0[BL]: calling get_toast_template_path with .info.log.core........'...L....default........'...L....DefaultSearch........+...L............6...9.......9...'...6.......B...'...6.......B...&...B...6...-...B...X...6...9...9.......9...+...............B...E...R...K......SetBrowserSetting.BrowserUtils.utils.ipairs., browser_type=.tostringM[BL] calling Base_provider:fill_url_settings_with_the_same_url with url=.info.log.core......%.?6...9.......X...6...4...=...6...9.......X...6...'...B...5...7...6...9...3...B...7...6...3...=...6...3...=...6...3...=...6...3...=...6

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\edge_onboarding.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4540
                                                                                                                                                                          Entropy (8bit):5.7215463842427425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:/15UBuCYLAbf/uKwWbQ+YMVVnM/EdvsyJfQMGUu7:/3AX6SZVMEd3ZQDUu7
                                                                                                                                                                          MD5:CD798E5EF0695CE45913CFE9FF24DA07
                                                                                                                                                                          SHA1:F93D5CE576A5D9F3758E8DEC89B2956BB666CFA7
                                                                                                                                                                          SHA-256:9817B919A08CB4C5393364AE0E8F1B68D36E0F929DEBCD08F9539CAEF703A6FF
                                                                                                                                                                          SHA-512:9A8C4926558E2DCABD9EFE661C926428C7B9AA328D29D4CB833124EE8E95737ADC6060A307FBE53F93859C294C9F24D62C2088E812C9567FE926DFEDBF8B065B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........;6...9.......9...'...B...6.......9...6...9...9...9...9...-...B.......X...6...9.......9...'...B...+...L...6.......9...6...9...9...9...9...-...B.......X...6...9.......9...'...6.......B...'...&...B...+...L...6...9.......9...'...B...+...L......common_checks: end., won't proceed.'.tostring$common_checks: extension state .get_extension_state*common_checks: registry entry present.edge.BrowserType.BrowserUtils.utils!has_extension_registry_entry.browserSettings.common_checks: start.info.log.core.........'6...9.......9...'...B.......X...-...B.......X...6...9.......9...'...B...K...6.......9...+...'...-...B...6.......9...'.......B...6...9.......9...'...B...K.......!schedule_edge_ext_check: end.on_edge_check.SetEventTimer.timerFactory.edge_onboarding_check.GetOption.settings2schedule_edge_ext_check: common checks failed#schedule_edge_ext_check: start.info.log.core......E...6...9.......9...'...B.......X...-...+...B...-...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3446
                                                                                                                                                                          Entropy (8bit):5.580599253252745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:8QlNSU52MBNIsd+eE+Zo1PsLjgjg2kYIf0TfdXdWXbiA:8YSU5pd+IZo1PBg2kYw0TfdXdWuA
                                                                                                                                                                          MD5:174EA661C9AE5700F50E0C6C8B298909
                                                                                                                                                                          SHA1:1625F68F91A0D3D0981AE33AA127B2C8B4261E51
                                                                                                                                                                          SHA-256:EDBAC1B754DDAA727AD3CDBDDF97FACB4FABF4A4F4BBDBE9C943961D951CA1C8
                                                                                                                                                                          SHA-512:F884D0DC98EA0A1816D241751D6E56A0E2434B1F5435726ABD03338A4F99469A3F95D0AC4A8465ED89BCA458D38050804F2685A1E47AAF896312880941DF2ACB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........T6...9.......9...'...B...6.......9...6...9...9...9...9...B.......X...6...9.......9...'...6.......B...&...B...+...L...6.......B...).J.....X...6...9.......9...'...6.......B...'...&...B...+...L...6...9...9...9...9...6.......9...6...9...9...9...9...6...9...9...9...B.......X...6...9.......9...'...B...+...L...6...9.......9...'...B...+...L....common_ff_toast_checks endBcommon_ff_toast_checks: WA extension is installed and enabled.ff_wa_ext_id.get_extension_state.ext_enabled.ExtensionState$ supports registry installation%common_ff_toast_checks: version .tonumber.tostringIcommon_ff_toast_checks: failed to get Firefox major version . Error .err.ff.BrowserType.BrowserUtils.utils.get_browser_major_version.browserSettings!common_ff_toast_checks start.info.log.core......#.l6...9.......9...'...B...6...6.......9...+...'...)...B...A...6...9...B...6...6.......9...+...'...)...B...A...6...9...9...9...............B.......X...6...9.......9...'...B...K...5...6...9...9...9...=...6.......9...+...'

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2880
                                                                                                                                                                          Entropy (8bit):5.680378484791574
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:qChuRIL5WuR0dyMGhKzG2VzWGLk5a2TB+2QSusUAwJjfRkmypUy8NqXRUsUc+LcI:qChuzuOGo9zk5FTAdSQgRUsUc+LcU0Ut
                                                                                                                                                                          MD5:6042C4E797DB58361D3649E6FA0BE845
                                                                                                                                                                          SHA1:ABAB0A1839EB6F478FDC6AE90CEF2FFEEC62689C
                                                                                                                                                                          SHA-256:9493F3374C1CE55BBAF24A7F0E13E20ED21827E76F3A3E1EFF14A2519BBD7FD8
                                                                                                                                                                          SHA-512:CB804CF67A710E2782FAE66CAE9F75C50F79AC2EA87D39BB4F33FA64875EA9FB488D014D82E83A51554FB15F56884F49FD3EE651B24EA90FC17DF36A8517DACA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package.........5...'...6.......B...X...6...........B...E...R...K....require.ipairs.MFW\core\.....logger.dkjson.json.utils\stringUtils.utils\browserUtils.class.win32helper.utils\common_utils.........5...6.......B...X...6...6...8...'.......&...B...E...R...K....Module does not exist: ._G.assert.ipairs.....external.settings.subdb.telemetry.utility.browserSettings.registry.timerFactory.........5...'...6.......B...X...6...........B...E...R...K....require.ipairs.logic\.....usage_calculation.MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.ff_monitor.type_tag_utils.tests_logic.aj_logic.edge_onboarding.oem_utils\oem_util.oem_utils\oem_utils_wss.oem_utils\oem_utils_wps oem_utils\oem_util_selector.oem_utils\affid_monitor........d6...9.......9...'...B...'...6.......9...B.......&...6...9.......9...'.......&...B...6...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5319
                                                                                                                                                                          Entropy (8bit):5.745975256849087
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:XXleAMNJLtWOVh7jqJlkN48gkaxwSCTNOUnPmZ6Fnr6uoS9:nl07tWOGJlkJgkaOBNOUPxFrLoi
                                                                                                                                                                          MD5:E1C40EBE2C5D157FCBD18C89655653B5
                                                                                                                                                                          SHA1:1A4B6AFC1F430F6D5E9B5231AB1A6106F2F3C062
                                                                                                                                                                          SHA-256:F80EA2075917CA238EF3B46D9277BC1E905C10546E65996B3FEC603B81FF4633
                                                                                                                                                                          SHA-512:78606799678830D27DF7CF33E3DFF4DCA4B8EB449517B507D909B9714A1060265B1AC2FFC0387DB8C12B1BB00C3C4B980EDDF32017B1876DC12E7CC2FE9B09B8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........$6...9...9...9...6...9...9...9...B...)...-...9...'.......B...6...9...9...9.......6...9...9...9...........)...B.......X...+...L...-...9.......D......string.GEO_ISO2.SYSGEOTYPE.GetGeoInfoA.char[?].new.GEOCLASS_NATION.SYSGEOCLASS.GetUserGeoID.kernel32.Win32.core..........6.......9...+...'...'...B.......X...6...9.......9...'...B...6...9...9...9...B.......L....GetUserLevelGeo.MiscUtils.utilsH[BL] GetGeo: Got empty value of SystemGEO, falling back to user GEO.warn.log.core..SystemGEO.GetOption.settings.........6...9...9...-...9...9...)...)...'...B...A...9.......X...+...X...+...L......handle+{B3251298-6CD7-4C88-A541-A62A7500D233}.OpenMutexA.C.Win32Handle.Win32.core........8-..."... .......X...+...X...+...6.......B.......X.*.....X...6.......9...+.......6...6...9...9...9...........B...A...A...X...6.......9...+.......'...B...6.......B.......X...6.......B.......X...6.......9...+...........B...L......(current<setting).days_elapsed.common_utils.utils.core.tostring.SetOption.settings.st

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9815
                                                                                                                                                                          Entropy (8bit):5.839563999700545
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:76Qa+8YiRGQLtdF4ivOiTSzDSEoNw0FKgv/a6auYc4HGLJUgd:76Qa+8YAGQLdHONHOKgHPoc4mLGgd
                                                                                                                                                                          MD5:DED78D399D6009980BE422242A9BBD8E
                                                                                                                                                                          SHA1:35B6F92F31D06ABF5F81EE11E4AA41B5AF5E20E8
                                                                                                                                                                          SHA-256:BAF9C732E0AE7A53AB4B01EAD3122559AC3E42CA9BF014136275C8FA69B1242F
                                                                                                                                                                          SHA-512:D852CE53905C84FDA63BC74FAAABDC2512FEC11E2B7ED8B9470D378F589461EE49D21E188D3D4FC21E2E1A2F6DCABCD8162D4F74D8BF9909A1139BCEA650C62F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........J6.......9...+...'...)...B...6.......B.......6...9.......9...'...6.......B...&...B.......X...6.......9...+...'...6...6...9...B...A...A...6.......9...+...'...'...B...+...L...6.......9...+...'...)...B.......X...6.......9...+...'...'...B...+...L...6...9...9...9...6...6...9...B...A...........'...D....MinimumDaysElapsed.MiscUtils.utils.(interval=0)3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL.(just set).OEM_WSSUninstallDateState.time.os.SetOption.tostring.[BL] *WSSUninstallDate = .info.log.core.tonumber.*WSSUninstallDate.GetOption.settings.........V6.......9...+...'...+...B...6.......9...+...'...)...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'.......B...6...9...9.......9.......B.......X...6...9.......9...'...6.......B...&...B...K...6.......9...+...'.......&...'...B...K....NoError.RecoveryAttemptLastError_.tostringA[BL]: SetSearchOfferAllowed: nil browser string

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\affid_monitor.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1779
                                                                                                                                                                          Entropy (8bit):5.569415025810661
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:FVI5znjQm2soNtKCSTeiijbeTOx/6ATk0pdpy6cSVIBmD/JF8vor:fIpjzatN2U80FIBKBtr
                                                                                                                                                                          MD5:5728F2F5B792DB52879923AA04B66F14
                                                                                                                                                                          SHA1:621A4FD5A6F5CD74B8F9279DB8E8C9BE53618C55
                                                                                                                                                                          SHA-256:6FE5698A9FB8ECE4B1234606B51F23725FE82DE21BED3E8B964E07021C549886
                                                                                                                                                                          SHA-512:F8D87D29E49E04C8B236B43D564DD9D787549AB95E0D4C1BB24976DC32E519053BD13C3BFC6DEC0F16FBF3FE303E0E9207ADDDA56B5F1ADBC45BE7F75CA789F9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ............6...9.......9...'...B...6.......9...+...'...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B.......X...6...9.......9...'...B...K...6...B.......X...6...9.......9...'...B...K.......9...B.......X...6...9.......9...'...B...K...6.......B...6...9.......9...'.......&...B...+...6.......9...+...-...B.......X...6...6.......9...+...-...'...B...A...6...9.......9...'.......&...B.......X...6.......9...+...-.......B...+...X...6...9.......9...'...B...6.......9...+...-.......B...+.......X...6...9.......9...'...B...6.......9...B...6...9.......9...'...B...K......wps_affid_check_impl end.apply_customization.wps_utils1wps_affid_check_impl: applying customization3wps_affid_check_impl: affid is not updated yet.SetOption6wps_affid_check_impl: current WA saved aff_id is .0)wps_affid_check_impl: wps aff_id is .tostring,wps_affid_check_impl: wps aff_id is nil.get_aff_id4wps_affid_check_impl: wps implimentation is nil.oem_utils_wps2wps_affid_check_impl: affid override disabled.affi

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):560
                                                                                                                                                                          Entropy (8bit):5.070909170520725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6f0a/55P8Z+U3bTs3IdtnugLBGgiO6CaMAEWfIJw8nGAOdg:68aMZdTs0ugLBx2ChAEWfF8d8g
                                                                                                                                                                          MD5:3FA88847EE0F13538ABEC9AD10F2EE73
                                                                                                                                                                          SHA1:6BC7F487FD4D06AB255B892BB33DF6FE038B0621
                                                                                                                                                                          SHA-256:D8A3B76B9B3793DE75F2DB4A5011FDEDBE873BF4C50B3C0C69CB937076801381
                                                                                                                                                                          SHA-512:430C5ED86BC477678D1A74384EC14A25A3AD6EF34D29ECF87F9146A1702DFE23BCE63746EBCB90B69F5D0F02103349E24A2CD9AAA2FC0AE2D81BC199609CA0EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........K...........+...L...........+...L...........+...L...........+...L...........+...L...........+...L...........+...L..........."6...9.......X...6...'...B...6...9...3...B...7...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...K.....is_active..get_expiry_date..get_activation_date..get_install_date..is_trial_active..is_trial..is_installed.oem_util..class.core.class.require.core._G...//0C88CD92C38CC31371E2A7FFEF24E36ED213BABD85DC71FD564CF5CAA71EDCF41046765B4EB07BF8B13B0624816E7C09F18C9A2148C8D43D962748870C87EC73++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):672
                                                                                                                                                                          Entropy (8bit):5.329052509256524
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6DmOMYinnQlYelgLOphYfR2MQyPiOhYfQIMBFSWbB4Fd/0/b/UtmEmgh:6nVMeNwfR2MQsmfQIMBFXG1QUtmyh
                                                                                                                                                                          MD5:C459A560CB78933ACAC76514E2408D5A
                                                                                                                                                                          SHA1:FA5086A115872496C2D59EF500FDBE123F7B8C52
                                                                                                                                                                          SHA-256:D8C8985978EDCA7FF9CCF655D4BF3823C8428C8AEE16DC51F5564DDB1F0AFB2F
                                                                                                                                                                          SHA-512:001BA39B437B7804508B81B4D560F8C73924A9F9FE882195CDF2B780E3C6F21DE09BD9940A115434B98D59D1DFC635EE891BFF59C23A86ED57D89EFFDB899D2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........46...9.......9...'...B...6...B.......X...6...9.......9...'...B.......9...B.......X...6...9.......9...'...B...L...6...B.......X...6...9.......9...'...B.......9...B.......X...6...9.......9...'...B...L...+...L...0[BL]: get_oem_implementation: wps installed2[BL]: get_oem_implementation: wps_oem not nil.oem_utils_wps0[BL]: get_oem_implementation: wss installed.is_installed2[BL]: get_oem_implementation: wss_oem not nil.oem_utils_wss([BL]: get_oem_implementation: start.info.log.core+.......3...7...K....get_oem_implementation....//836C5B03D9868F1E7E3E80AF6F0A8B8EBCB0FD233926B88E4C5C83320CF9F3A7CB133D48875B0A53A6F9F32262D69227F8387C864E9257C874D53016B35D51F9++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wps.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5508
                                                                                                                                                                          Entropy (8bit):5.601274527465085
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:WHn6Gmsvuo4xjk8mxfFDMkJH40m9sjvqFXf+2rWVH9b5lRUwsqt:U6vcJvmAtYeUwsqt
                                                                                                                                                                          MD5:15D0398B9F76392BDA31A64E92EBEF60
                                                                                                                                                                          SHA1:D49B2128B16A9948D16C39ABB8650592137C2EE2
                                                                                                                                                                          SHA-256:6633C5E2D1E16325A6172E260EEE73186B1063D63911F21F18141D255040A1A9
                                                                                                                                                                          SHA-512:403A09F1FF6F6000893B4D49BAD0CA9FD796C3B10BBC94C6B54AA7B7E869B858E6E73210A9FB99B9D717B587C5E5E413488C3088C788A8B80F5D6FF22BBC7E80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........?6...9.......9...'...6.......B...&...B...6.......9...-...B.......X...6.......9...-...B.......6...9.......9...'...B.......X...6...9.......9...'...B...K...6.......B...6...9.......9...'.......&...B...6...9.......9.......B...6...9.......9...'...B...=...K........wps_data5[BL]: oem_utils_wps:constructor: parse succeeded.decode.json1[BL]: oem_utils_wps:constructor: setting is 0[BL]: oem_utils_wps:constructor nil setting([BL]: oem_utils_wps:fallback to v1 .get_setting.wps_utils.tostring.[BL]: oem_utils_wps:constructor. self is .info.log.core........;6.......B...6...9.......9...'.......&...B.......9...-...B...6...9.......9...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...&...B...6...9...5...=...=...=...=...=...=...D......sec.min.hour.day.month.year....sec..hour..day..month..year..min..time.os...:. .-([BL]: wps_date_to_lua: parsed date .match)[BL]: wps_date_to_lua: input string .info.log.core.tostring.........6...9....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wss.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2385
                                                                                                                                                                          Entropy (8bit):5.565249107581106
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:eYWhvpfcvH72EQvevwdH85FkRkBjvFV4sl2V:2lpfEH7hQ6wdeFkRkBbz4slQ
                                                                                                                                                                          MD5:2F92638A462617B9BF64DFD7C4D1D401
                                                                                                                                                                          SHA1:C407EB5D173957076EA2985E2AC6F581DBA98E59
                                                                                                                                                                          SHA-256:41F4E60EFEC88CA3AF71D5E26398E7A35609B81EC2A6E62E2D5CDA27D9433156
                                                                                                                                                                          SHA-512:1F6FE9D172EC60199669F32E6E7996B901D8078B1FFB9D76B3F9A9F04CA15235276517E38CE55192EEAE4C05629308003C983752848EAB5E562F5EBD85F9D95E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........6...9.......9...'...B...6...9...9...9...D....IsSuiteInstalled.common_utils.utils%[BL]: oem_utils_wss:is_installed.info.log.core.........6...9.......9...'...B...6...9...9...9...D....check_wss_trial.common_utils.utils![BL]: oem_utils_wss:is_trial.info.log.core.........6...9.......9...'...B...6...9...9...9...D....is_active_wss_trial.common_utils.utils([BL]: oem_utils_wss:is_trial_active.info.log.core........46...9.......9...'...B...6.......9...'...'...B...6.......B.......X...6...9.......9...'...B...+...L.......X...6...9.......9...'...B...+...L...6...9...9...9.......B.......X...6...9.......9...'...B...+...L...L...:[BL]: oem_utils_wss:get_install_date null expiry time.SubDBTimeToOsDate.common_utils.utils>[BL]: oem_utils_wss:get_install_date data is empty string.;[BL]: oem_utils_wss:get_install_date data not a string.string.type.installed.vso.GetProperty.subdb)[BL]: oem_utils_wss:get_install_date.info.log.core........L6...9.......9...'...B...6.......9...'...'...B...6.......B...

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5694
                                                                                                                                                                          Entropy (8bit):5.849470354833383
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:2/dh6DsRoC42BeCpx7Pd0e+VOleAGrLNPF0pBtw9CJ5ohtbKI3Ht:2/dhLRqyPvd0ZOlOXNP2p3bJ+hVZ3t
                                                                                                                                                                          MD5:9CB4856CFB3739CC2218002F4FD729A6
                                                                                                                                                                          SHA1:BF36999CE3FB36B6E479957B5220D9DDE5C4CC20
                                                                                                                                                                          SHA-256:787B1152F9A87D32B0A3073B1015D270B5D849B41A41C95012C2A41270BB87A7
                                                                                                                                                                          SHA-512:AB5FC590F4DCF0F8E951F7A9ABEB0E1C30F9EA4743589CFF10A15A8C62FBEDAA1FAD9D04E3BC201871ABB03759D5308712CE1CE8BC66970173ABB33918641738
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........E6...9.......9...'...6.......B...&...B...6...9...9...9.......B.......X...+...L...6.......9...+...'...6...9...B...6...9.......X...6.......9...+...'...'...B...6...9...9...9...'.......B...6...9...9...9...B...8.......X...+...L...6...9.......9...'...6.......B...'...&...B...+...L.... end"[BL] should_be_selected_impl .GetGeo.,.Tokenize.common_utils.AU,DE.BingCountrySet.Bing.Yahoo.SearchProviderCodes.ProviderForced.GetOption.settings.ShouldSelectBingOverYahoo.MiscUtils.utils.tostring&[BL] should_be_selected_impl for .info.log.core........-6...9.......9...'...B...6.......9.......6...9...9...9.......B...A...6...9.......9...'...6.......B...&...B...6...9...9...9...9.......X...6...9...9...9...9.......X...+...X...+...L....ext_not_accepted.ext_disabled.ExtensionState.BrowserUtils.tostring4y_for_b_extension_criteria: extension state is .get_search_extension_id.MiscUtils.utils.get_extension_state.browserSettings&y_for_b_extension_criteria: start.info.log.core........e6.......9...+...'...).

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18145
                                                                                                                                                                          Entropy (8bit):5.8898803796156605
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:0baPqTqj5R2F46vdSGGgOqkmzLKh0hyKc1BSF63i8IOB6VNplF9az:0b4qTq1R2F4WgGGgOqkmzqkyKc1Bqd8p
                                                                                                                                                                          MD5:1BDB3B40489026FD4B88B72CB1728E6F
                                                                                                                                                                          SHA1:0D5565819D96ECB2F422C103CE9CC75D72C1F746
                                                                                                                                                                          SHA-256:A80EE525C4ABD87F5089FFC31076702C68A76DF9642ECF316E1AC974E292E2BB
                                                                                                                                                                          SHA-512:C66982AD355155C528DC41B759E1870CC1BF536D0C4C617A60B629FF2CFE19F671DCCFD22226058E6C44E3630E3D3590A338BEFDC3152D6BA30681BDC350F7FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ.........."6...9...9...9...B...-...8.......X...+...L...6.......9.......6.......9...+...'...'...B...A.......X...6.......9...+...'...+...D...+...L....."*EMEA_COUNTRY_SUPPORT_ENABLED.HU *EMEA_COUNTRY_SUPPORT_REGEX.GetOption.settings.RegexTest.utility.GetGeo.MiscUtils.utils.core........16.......9...+...'...-...B...6.......9...+...'...'...B.......X...6...9.......9...'.......&...B.......X.......'.......&...X.......6...9.......9...'.......&...B.......X...-...'.......'...&...>...K........).*..^http(s)?://(us\.|ar\.|at\.|au\.|br\.|ca\.|ch\.|fr\.|fi\.|de\.|dk\.|hk\.|in\.|it\.|kr\.|mx\.|no\.|es\.|se\.|tw\.|uk\.|cf\.|cl\.|co\.|id\.|nl\.|nz\.|pe\.|ph\.|sg\.|th\.|pl\.|tr\.|espanol\.|ve\.|vn\.|malaysia\.)?search\.yahoo\.(com|co\.jp)/search.*(\?|&)fr=(mcasa|mcsaoff|mcsaoffblock|slv8-mcafee|$AdjustRegex: regex addition is .|,AdjustRegex: got special chrome frcode .info.log.core..YAHOO_CH_FR_CODE_REGEX_ADD.*YAHOO_FF_FR_CODE.GetOption.settingsG.......6.......9...B.......K......get_config.smart_toast_s

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1917
                                                                                                                                                                          Entropy (8bit):5.844687996879564
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:iFZZRFnYQrEfyAb/taw2mx/YH8tEiwtRU1VWk+gj99:iFz/REfyAb/Yw2mx/G8tEiwtyok+gjn
                                                                                                                                                                          MD5:5F7613E39C466B29459B809F692398D6
                                                                                                                                                                          SHA1:FD6F702282C45FEC65CCD2F7A84763FB9EA91447
                                                                                                                                                                          SHA-256:FCDE3D311F9B801860D2E34DFD79F30C1649EA27F8F6F56F399F43134D6FF670
                                                                                                                                                                          SHA-512:B37D26C12A53C78FF7A962B69C3B7E6E45A52897472410AA7473E5F77D361B9DA7B813534995694CBDA33B6CBB35F344B7A520B14FC8E02144D1EF478671149F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........`6...9.......9...'...6.......B...&...B...4...6...6...B...H...6...9...........B...F...R...6...9.......B...).......)...M...6...8...8.......9.......B.......X...L...O...6...9...6...9...9.......9...'.......6...9...B.......X.'.6...9.......9...'...B...6.......9...+...'...'...B...6...9...9.......9...+...'.......'...B...6...9...9.......9...+...'.......)...B...6.......9...'.......B...+...L....(empty)(fill_url_settings_with_the_same_url.Base_provider.SetBrowserSettingInt.(Unknown).ProviderToastedName.SetBrowserSettingL^http(s)?:\/\/(www\.)?yandex\.(com|ru)\/search\/(\?|&)fake_param=fake.*.SECURE_SEARCH_REGEXES.SetOption.settingsI[BL] ssProviderSelector.GetSSProvider nullifying settings for Yandex.Yahoo.ProviderToasted*GetUserBrowserSettingWithSystemBackup.BrowserUtils.utils.Yandex.SearchProviderCodes.ShouldBeSelected.sort.insert.table.ss_providers.pairs.tostring/[BL] ssProviderSelector.GetSSProvider for .info.log.core.........6...9.......9...'...6.......B...'...6.......B...&...B...6.

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_search_setting.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1079
                                                                                                                                                                          Entropy (8bit):5.59753508033406
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6XKNbPMFjBgrexyj1yA9yqlyt4KU8qyHm6nqJq8Uf+E3Vxcz+nr:f0b6yy1P9xlUUDixMq8Ufxxd
                                                                                                                                                                          MD5:C52D3C82D16896F10A24ED0F18962E8B
                                                                                                                                                                          SHA1:B829FEBB4A81259B67C1CAFF710E881EC976B08B
                                                                                                                                                                          SHA-256:36233C98FF348E0040319E8A125AC24988ED59A7C52F3F5805F543A5A61186B4
                                                                                                                                                                          SHA-512:B0A63CD117B5C97929D774FC2B0208C8A3F4BE7A7C2B1138F76BE4825164F48FC6CF068374D61FB2493E2BE4E312A53D22ECA2979DE6F9721CC64E2C8DDCFA69
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........J6...9.......9...'...B...6...9.......B.......X.5.9.......X.2.4...6...9...B...H...6.......B.......X...9.......X...6...9.......9...'...9...&...B...9...=...X...6...9.......9...'.......&...B...<...F...R...6...9.......9...'...6...9.......9.......B...&...B...L...X...6...9.......9...'...B...+...L...K...Q[BL]: smart_toast_search_setting:get_config: Smart search settings not found.encode.jsonF[BL]: smart_toast_search_setting:get_config: Processed settings: ][BL]: smart_toast_search_setting:get_config: Unknown setting or malformed data for key: H[BL]: smart_toast_search_setting:get_config: Found frcode setting: .frcode.table.type.pairs.search_settings.get_config smart_toast_config_selectorO[BL]: smart_toast_search_setting:get_config: Getting smart search settings.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_search_setting._G...//F0A6836976F59F59578A7F23C605584C8A2C452DF6247868F42

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_template.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):811
                                                                                                                                                                          Entropy (8bit):5.5627366010630785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6ni3JB40xJB888hUeJBlznqJq8UtTgc6e:+i3JLxJOXUeJrzMq8UtTgc6e
                                                                                                                                                                          MD5:E607C870DDB1433C445E1C46E3766C99
                                                                                                                                                                          SHA1:66F3A4BB2A953FB4750EA0DAF512A5DB077CC050
                                                                                                                                                                          SHA-256:5DD2F9C2FBA8C7B96D5BBBBC6DA6DA646AAFCF16522C4DC22195AA22D4E6F072
                                                                                                                                                                          SHA-512:5188642411431160F1C2046624B64C0ADD278082D3686ABC32FBC1A6495BFFE90B4460FBE5D72DACD56B0799F0D1BE480B43407CD4B60AB250048454CAD20761
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........06...9.......9...'...B...6...9.......B.......X...9.......X...9...9...9...9...9...9...6...9.......9...'...6...9.......9...9...B...&...B...............J...X...6...9.......9...'...B...,...J...K...J[BL]: smart_toast_template:get_config: Smart toast template not found.encode.jsonB[BL]: smart_toast_template:get_config: Toast template found: .web_view2_template.template_data.template.toast_template.get_config smart_toast_config_selectorH[BL]: smart_toast_template:get_config: Getting smart toast template.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_template._G...//A5D557B96D3D8EF81D45E71E298E1D15E70890FAE0CFBB872033838E2F034A97DB01EAB7B0A563393BFF010FB182CD70A3DDEB2EBE978785C7097A4DF6F51E0F++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_trigger.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):903
                                                                                                                                                                          Entropy (8bit):5.527964649762146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6VPcljcvIPYljlAEltlXfgNUIqlLnqJq8U6r+SGj9:Zlj85WEBYNUIqNMq8U6fGx
                                                                                                                                                                          MD5:0E81B6D2373D30AEB9B86784E94C9AB4
                                                                                                                                                                          SHA1:B4C833E6D6C26C652F24CCC4EB784D66D5E42E3D
                                                                                                                                                                          SHA-256:4C172C578AFAE4F866C3AD5258230906B171B2937FEFB48F5B1D06917A572576
                                                                                                                                                                          SHA-512:F98B9A9E843BD86BF9A388A92B0E5D54D594635B69A233D49FE48286B2FCE59EA1976DCD305CEA4E0FE5D7D75D15D9240CD567E68FE59645A7CFBBFD8F1DE0D1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........<6...9.......9...'...B...6...9.......B.......X.'.9.......X.$.4...6...9...9...B...X...6...9.......9...'.......&...B...6...9...........B...E...R...6...9.......9...'...6...9.......9.......B...&...B...L...X...6...9.......9...'...B...+...L...K...E[BL]: smart_toast_trigger:get_config: Trigger settings not found.encode.jsonG[BL]: smart_toast_trigger:get_config: Processed trigger settings: .insert.tableB[BL]: smart_toast_trigger:get_config: Found trigger setting: .triggers.ipairs.trigger_setting.get_config smart_toast_config_selectorC[BL]: smart_toast_trigger:get_config: Getting trigger settings.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_trigger._G...//894BE453DE029DD5840552784029DC188B404F167CC065ABC224735C9BA01F79CCFBD988E2ADEAB24C6180B9A534AA2FE0BEF10C4D408CA840AD3D221C87D0DA++

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\smart_toast_config_manager.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):49012
                                                                                                                                                                          Entropy (8bit):5.056113680206571
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:+wf+IsIWUHHe4QmwgUwTjNxHS/lpliu/ATe:DDsRU+4ZXBnBu/Ay
                                                                                                                                                                          MD5:215D687FAA6F35A92EB6FC31CA5CCD46
                                                                                                                                                                          SHA1:614E6B7F747C7FBD9AAE75FC1B3C2C13E1CFE521
                                                                                                                                                                          SHA-256:7BBCDD6D869930E31FBD7FA2721009557BF84EB81E7CBC6ADBD040B05EA674B5
                                                                                                                                                                          SHA-512:758D4ECAB869CA1F356B22D4FB613C050DE02B035EAAD87F3B90B335203E5DC91275F1E931CF2FE5F1DC72015B7164ABFEDBFFE177FACE3FAC3D2011AB19BA89
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ...........5...9...=...-...9...9...8...=...-...9...9...8...=...-...9...9...8...=...L..........toast_template.search_settings.trigger_setting.config_setting....config_id..search_settings..trigger_setting..toast_template..config_id..........6...9.......9...'...B...6.......9...+...'...+...B.......X...6...9.......9...'...B...K...4...4...6...6...9...B...H.(.6.......B...6...9...........B...4...6.......B...X...6...9.......B...9...<...E...R...6...9...<...6.......B.......<...6...9.......9...'.......'.......'...&...B...F...R...6.......9...+...'...6...9.......9.......B...A...6.......9...+...'...6...9.......9.......B...A...6.......9...+...'...+...B.......X...6...9.......B...:...6...9.......9...'...6.......B...&...B...6.......9...+...'.......B...6...9.......9...'...B...K...I[BL]: smart_toast_config_manager.initialize: Initialization complete.SetOptionInt..[BL]: smart_toast_config_manager.initialize: client_config_version is not set, defaulting to the least available version = .sort&smart_toast_c

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\smart_toast_config_selector.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2203
                                                                                                                                                                          Entropy (8bit):5.472780090169697
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:kVInVFaoLKmuO8UVUoDUJU0UvrUsmU2FXvoIHEUj3UQtUQqDUHUQTUQKDrUMUYq4:QInVlmhhUVU2UJU0UvrUPUIvoIHEq3Ur
                                                                                                                                                                          MD5:DF2352EEA6BE71F1B5D79F10662739E3
                                                                                                                                                                          SHA1:8A413AF42DE3D7EF4950A7E52BA337805DCAF38B
                                                                                                                                                                          SHA-256:0D645C681D19923BD277955F389DF56E4F7EF99BFB758C47FE05E0625BD84B0D
                                                                                                                                                                          SHA-512:4043E355B56787F8742F1D5C9224753C306489FD0CA71EE7AEC49DD7B87745E7DCAD417A26C849CD08E31BFDFEEF1781FDF142AB98AFD31A789E70FBF86AFD5F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........]6...9.......9...'...B...6.......9...+...'...'...B...6.......9...+...'...+...B.......X.......X.......X...6...9.......9...'...B...6...+...=...6...+...=...1...6.......9...+...-...+...B...K...6...=...6...=...6...9...6.......B...6.......B...A.......-.......X...6...9.......9...'...B...6.......9...+...-...+...B...X...6...9.......9...'...B...6.......9...+...-...+...B...1...K.......P[BL]: smart_toast_config_selector.initialize: Configuration loading failed!U[BL]: smart_toast_config_selector.initialize: Configuration loaded successfully!.tonumber.get_configuration.smart_toast_config_manager.SetOption.config_version.config_id smart_toast_config_selector^[BL]: smart_toast_config_selector.initialize: Config ID or Config Version is nil or empty&smart_toast_client_config_version..smart_toast_config_id.GetOption.settingsB[BL]: smart_toast_config_selector.initialize: Initializing....info.log.core........]6.......9...+...'...'...B...6.......9...+...'...+...B.......X.......X.......X...6...9

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34823
                                                                                                                                                                          Entropy (8bit):5.86515989822727
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:IhyM9PIgux64k9yq5nwbpVnk+XQqXMrWD7C7Us7hUfmE:WP9wZOfZh+L57C7Us7hUL
                                                                                                                                                                          MD5:27735FFCAFD79E2DD7FAA14983E7B047
                                                                                                                                                                          SHA1:3EF73EF114D0F8BAACC6A8DD0E95D9C4D7CF34B6
                                                                                                                                                                          SHA-256:FE72597C6E27D3A31E893B754D793AFD614B1501250880812E306ADC286168EB
                                                                                                                                                                          SHA-512:4A798E5E861198A11D2D8D4FE991AB2E9B0556701A7BFA90424B27B0808E4029A0819162B2BBF0D417111EF6FA0CCF892F7499420F6EDAA37A3A78C61D80787E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........76...9...9.......9.......B.......X...6...9.......9...'.......&...B...K...6...9...6...9...9.......9.......B...A...6.......9...+...'.......&...6.......9.......B...A...6.......9...+...'.......&...6.......9.......B...A...K....GetCurrentMinVersion.MinBrowserVersion_.GetCurrentMaxVersion.browserSettings.MaxBrowserVersion_.SetOptionInt.settings.GetBrowserStr.lower.stringLInvalid browser type passed to UpdateSupportedBrowserVersionDimensions.info.log.IsValidBrowser.BrowserUtils.utils.core........%6...6.......9...+...'...-...9...B...A...6...9.......9...'...6.......B...&...B...-...9.......X...-...9.......X...6...9.......9...'...B...-...9...L.....7[BL]: alt_triggers_get_cohort: setting cohort to 0.logon_unlock.tostring6[BL]: alt_triggers_get_cohort: settings value is .info.log.core.regular.alt_triggers_cohort.GetOption.settings.tonumber>.......6.......B...X.......X...+...L...E...R...+...L....ipairs@.......6.......9...B.......K......get_config.smart_toast_trigger........-...-...-...D

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1783
                                                                                                                                                                          Entropy (8bit):5.633941139078878
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:2mDrfjaG7ffgaIddgL9tlVewikdQ9THVK9LySRk:2mfraG7foLddqhiDVPwk
                                                                                                                                                                          MD5:6DD0F5422A0B0A63DE2B7E6672159761
                                                                                                                                                                          SHA1:BFC28D332AC773FBDCDCD008B64C937C904E8539
                                                                                                                                                                          SHA-256:0E3B4BB44790636DCD295570E7B70AFD6EDA5724EB1D6C3F1850213368F23552
                                                                                                                                                                          SHA-512:D0AF0F8D018C6F715BC6767F5F740232B744A19C2EEB6931067057BBEF3010DC1B53FBD7432E951B1EC908679A36F02C07937C878CC8FFE292B779734F6807A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........)...6...9.......9...'...B...6...9...9...9...9.......X...6...9.......9...'...6.......B...&...B...6...9...9...)...J...6.......9...+...'...+...B.......X...6...9.......9...'...B...6...9...9...)...J...6.......9...+...'...)...B...6...9...B...).......X...6...9.......9...'...B.......6.......9...+...'.......B...X.*.6...9...9...9...........B.......6.......9...+...'...)...B...6...9.......9...'...6.......B...'...6.......B...&...B.......X...6...9.......9...'...B...6...9...9.......J...6...9...'...B...9...6.......9...+...'. .)...B...6.......9...+...'.!.)...B...6...9.......9...'.".6.......B...'.#.6.......B...'.$.6.......B...&...B.......X.......X...6...9.......9...'.%.B...6...9...9.&.....J...6...9.......9...'.'.B...6...9...9.(.....J....ignore_within_timeframe.tests_logic.tt_check: end.no_toastAtests_logic.tt_check: time of date is out of limit. No toast., higher limit ., lower limit *tests_logic.tt_check: current hour - .tt_higher_hour.tt_lower_hour.hour.*t.date.ignore_threshold_passed?tests

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2150
                                                                                                                                                                          Entropy (8bit):5.8901240226380915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:USmjnzqGkwl85sHGX6lVwas7aeKCRMB52R7N3hWpL:U12UGuORaehk5ONx+L
                                                                                                                                                                          MD5:8842D40DEDEC7911CE6FCE164CBD02C0
                                                                                                                                                                          SHA1:8AA59AF52E797479B0ED72BE3B9ACA363360A2B2
                                                                                                                                                                          SHA-256:8A4F20A6DAD25234A22C3F19D87BAB56E18CA3A59507F945FE580A001B6FFBE1
                                                                                                                                                                          SHA-512:11C80C711E63A047046F0A8ECFEBA879E8B8EA097D255F19E8009EC6C1E4371CBF08A34AD8CCDD76E9072BA87084DBB6CCA4793D2C288BEE9CB2A830504BAC0A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ........$...6.......9...+...'...'...B...)...6...9...9...9...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...)...B...6...9.......'...B.......X...'...X...6...9...........B.......X...'...X.......6.......B...6...9...9...9...9.......X...'...6.......9...+...'...+...B.......X.).6...9.......9...'...B...6...9...9...9...B...6.......9.......B...'.......X...6.......9.......B.......'. .........6.......B...........'.!.6.......B...'.".....&...L...'.#.........6.......B...........'.!.6.......B...&...L....type=E.M.G.type=G.EscapeA..MD5Hash.utility#get_analytics_hashed_device_id.MiscUtils&make_type_tag: G type tag enabled.info.log.g_type_tag_enabled.5.edge.BrowserType.BrowserUtils.tostring.find.%d+.match.string.*Experiment.*Freemium.*Orphaned.bor.bit.IsSuiteInstalled.common_utils.utils.core.0.*Affid.GetOption.settings..........'...6...9.......'...B.......X...6...9.......'...B

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logic\usage_calculation.luc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2030
                                                                                                                                                                          Entropy (8bit):5.596807579263866
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:fhO0Zf/+V+JJUh10pF/M1KsAwTh4Bdj5minH30vY3I+J:Q0nW0cUsABQiH/b
                                                                                                                                                                          MD5:6EE000A68CBB4BFB9D2E138103B6DD57
                                                                                                                                                                          SHA1:54A356A89FF249F9810081EC4D5681760AB0BDDE
                                                                                                                                                                          SHA-256:8B5185E2590714C3B30E2F1A4F9670441AB0E864E81E0013E6B707FDF9FA5225
                                                                                                                                                                          SHA-512:0FAC66C1D3E9889B06E8FF4C1BAA30867F062DA01097A3A44800BA34DEFBDE8A30DD06E9F1B9E227B9F4EBE3CB2CCE6A922C9DEFBB36668147F485A9A130DFC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.LJ..........P6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9...9.......9...+...-...........B...6...9.......9...'.......&...B...K.......)calc_on_browser_start: end. Browser .SetBrowserSetting.time.os=calc_on_browser_start: session started already. Browser .GetBrowserSetting.BrowserUtils.utils.tonumber+calc_on_browser_start: start. Browser .info.log.core.tostring...........6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...!...6...9...9.......9...+...-.......)...B...6...6...9...9.......9...+...-.......)...B...A... ...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A...6...6.......9...+...'.......B...A...6...9...!...6...9...9...9...#...B...6...9...!...6...9..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\logicmodule.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4541672
                                                                                                                                                                          Entropy (8bit):6.544760213696757
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:vmZNRHnBao2l7VKSm+iKQB0Aulh8fGLDXVL5rtORei/vV+VnW8l+Homj1vy4iYuw:CB+j3lh8eLDXVd6znfIeuegdk
                                                                                                                                                                          MD5:9CD903BA6980812F23811F8622DF893F
                                                                                                                                                                          SHA1:29A00C25A8624935B31309446AF15ACDAE463477
                                                                                                                                                                          SHA-256:32EB612688981D2CBB469F54AC0F8CBD7F70698872269582DA9D5C7F7150B416
                                                                                                                                                                          SHA-512:13567F64002D9F1080F6D72C4FD21700CEB44084F3E3F719C4D5AA5C3BF9DF22C989BC10B55DA3734F9AFF43DB72EE1F5FC2DA5DBEBC3EEDA81610475E471000
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........E#..+p..+p..+p..qe.+p&./q..+p&.(q..+p&..q..+p...q..+pF..q..+p.(q..+p.-q..+pE./q..+p..+p..+p.*q..+p..*pj.+p./q..+pH./q..+pqv.q..+p.."q..+p..+q..+p...p..+p..)q..+pRich..+p................PE..d....XWg.........." ...$.(4.........P1,......................................0G.......E...`A.........................................C@.<....R@.......F.X.....D..x....D.......F.Ph..0.<.p.....................<.(.....9.@............@4..... =@......................text...<'4......(4................. ..`.rdata..~5...@4..6...,4.............@..@.data...,.....@..:...b@.............@....pdata...x....D..z....A.............@..@.didat..@.....F.......D.............@..._RDATA..\.....F.......D.............@..@.rsrc...X.....F.......D.............@..@.reloc..Ph....F..j....D.............@..B................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1785632
                                                                                                                                                                          Entropy (8bit):7.942738490429967
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:NSI3oiG08swq0fhLy0fEg6IGJIlq+S6O8:NSCG08sw3YyEg6IiYq8
                                                                                                                                                                          MD5:080FF9263F39F62DBDAE513C66B7B9D2
                                                                                                                                                                          SHA1:32DF585659003B10E7ED769932727D53480B9C34
                                                                                                                                                                          SHA-256:326CBB6CD7D6062B850337A50200C805CDCBF59A6E05818990E6352AC68B4935
                                                                                                                                                                          SHA-512:7A7A21D05FA8D2562A0598B254A25A49099AFA5EBD072DE391D9EE8DC30F57CD2830816C8A2B5997AE74C0B9924185334B15EC5CC3587B74C2E7957296E6E02B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.c......................................................9..............................................[...........Rich............................PE..L....R/`.....................t.......t............@..........................P............@.................................l)..x....`..,............... +...0..p.......T...................<...........@...............H....(..`....................text.../........................... ..`.rdata.............................@..@.data...\....@.......(..............@....rsrc...,....`.......2..............@..@.reloc..p....0......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\resource.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27336
                                                                                                                                                                          Entropy (8bit):5.57578184442293
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UBhBT/W58RrB3M65lWHqXPDenaKb6ki29d1ikN42niSJIVE8E9VF0NyJlP:uBr3M65Kr22Psu/2ExP
                                                                                                                                                                          MD5:5E8BFBB3A3DC1E55C7D024E6C1ED51C5
                                                                                                                                                                          SHA1:5676951B6835B3426365F73A5FAF398BA705B611
                                                                                                                                                                          SHA-256:C5C3A970925D4BA60CE859F90ED37A206BD658B88F852BAC3B182BED75A9C9ED
                                                                                                                                                                          SHA-512:F14CDB2AF7B6FCAA7A3C675D512871AF019B83764E848B23EA765EB3B702BC36BF56B9D2D9B93898354F893F7819A706798B1EC3229559770159992C8E3F54FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q=.0S..0S..0S..O...0S..OQ..0S.Rich.0S.........PE..L....XWg...........!...$.....>...............................................`......._....@.......................................... ..\:...........@...*..............p............................................................................rdata..x...........................@..@.rsrc...\:... ...<..................@..@.............XWg........o................XWg.........................XWg........l................XWg............................................RSDS../.|.zH.?.iDv......C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\Resource.pdb......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02....................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\servicehost.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):926176
                                                                                                                                                                          Entropy (8bit):6.441613709559614
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:kt3osXFOyxMZettus7ZuOE0KQsX/N1atFNRGpLSb0+JV/juMxqOAgzhlt21koJJO:kNFgtqntVbuuqOAgzD0yAJ1vo
                                                                                                                                                                          MD5:F7C7039D19E16D05B6194D74E128DFE4
                                                                                                                                                                          SHA1:177F53976B4C50DAD0046D9CDBAB9DDC8D605302
                                                                                                                                                                          SHA-256:B3B36669F7A96042A822BC563BD7D7A45D3F48F2724CB2B3E111ECB188B35ADC
                                                                                                                                                                          SHA-512:E0EAE14E0CE552D50C05C63232A2CB687144DE6C14CE56BA417F2A648E7D64B0B543847534543147C4738F17689962ED322EE966EF738EC19FC440AFF3456716
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........i..i..i.....i....'i.....i.7...i.7...i.7...i.....i.....i..i..h.....i...(..i.....i.Rich.i.................PE..d....YWg.........."....$.`..........Pv.........@....................................A.....`.................................................P...........p................I..........`...p.......................(.......@............p.. ...8........................text...L_.......`.................. ..`.rdata...p...p...r...d..............@..@.data............H..................@....pdata..............................@..@.didat..............................@..._RDATA..\...........................@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\settingmanager.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1976248
                                                                                                                                                                          Entropy (8bit):6.542602737128031
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:HSvhHKsJFPGimmqxvsH4CYWI4dq9kuuNCykGo9Fcx1KfhEkSwJ2a5BATvEsIkut:YhDFPDmm+NjiuLGo9FxfvnJ2+2TxzQ
                                                                                                                                                                          MD5:A22A9096CB688D8C18EAFBEB7C939B3C
                                                                                                                                                                          SHA1:4A4F617248784355F03B25C1902655B034426BE9
                                                                                                                                                                          SHA-256:9429B653F74FE7B130DBDF9FCBF0604D3A65F46F7DD62EB6A7F819EAE4425C15
                                                                                                                                                                          SHA-512:075A2DF44E2DDCE200A6E01AC4A2E8111163541CEF224940E4DE36C79BC6D943DC0D0EB2593773609A6379BD4041B28F82E15FA2248057614E8A8261776C2453
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........B.I.,KI.,KI.,K..)J..,K..(JG.,K../JC.,K../JD.,K..(J_.,K..-JZ.,K..)J%.,K..(J[.,KI.-K2.,K..(JH.,KS.%J..,KS.,JH.,KS..KH.,KS..JH.,KRichI.,K........................PE..d...qYWg.........." ...$.....v.......................................................x....`A........................................."..T...."..........h....p...........m.......$..$...p.......................(....W..@...............P...x!..@....................text...,........................... ..`.rdata..2<.......>..................@..@.data....$...@.......$..............@....pdata.......p......................@..@.didat..0....`......................@..._RDATA..\....p......................@..@.rsrc...h...........................@..@.reloc...$.......&..................@..B................................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\taskmanager.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4248888
                                                                                                                                                                          Entropy (8bit):6.51552548631765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:cGy5W9wQakZKTrZICtWT/kCdT++jhpATJHqb2dyyr5certCHev7WYrLw:h2O0ltSdcHqUychCHcY
                                                                                                                                                                          MD5:E04ADD7D426AEFD853FEDADAD1B77C81
                                                                                                                                                                          SHA1:B2BE74907C18B4595AC59DE8C5FFB26BBEF6C05B
                                                                                                                                                                          SHA-256:807A1C4AFAB2337C2E741EF2449C3B273583183B12FC7EC6311D72FB5C49CEF5
                                                                                                                                                                          SHA-512:CA579755FD707F0929440D918DA95149B6A8B8BB62F79F58F75BA0120A9D570245374B5F5392C44B5C92F8A434803362A40BD6B579ADD1CA6E355BE9B40A036A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......uU.14..14..14..zL...4...J..!4...J..;4...J..G4.....94..+K..04..zL..<4..zL..*4...A..#4..zL..(4...A..04...A..%4..14...5.....`4..+K...4..+K..04..+Ks.04..+K..04..Rich14..........PE..d....XWg.........." ...$../...........(.......................................C.......A...`A..........................................;.P...P.;.......C.X.....@..P....@.8.....C..t....8.p.....................8.(... Z5.@............./.`.....;......................text...../......./................. ..`.rdata..*0..../..2..../.............@..@.data.........;.......;.............@....pdata...P....@..R...J=.............@..@.didat........B.......?.............@..._RDATA..\.....B.......?.............@..@.rsrc...X.....C.......?.............@..@.reloc...t....C..v....?.............@..B................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\uihost.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):904488
                                                                                                                                                                          Entropy (8bit):6.4427020541085485
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:4/fhi2sqy1ccu9jbG5QJ0zJERddh6y/m1Qdg8dvNVll86NH7oWLC3ftPZ+o6MC9Q:gpihoBvjlllNH7oW+vVs4C9thc
                                                                                                                                                                          MD5:C75ACD4F363FEC78A32439364E82021C
                                                                                                                                                                          SHA1:4ACD52C71D6CE05E42CC92439DF5D3F7BFA7C35B
                                                                                                                                                                          SHA-256:40DFF9FE25E79607D897598995FF7127CEF17826B7E55795C1953B6520524C37
                                                                                                                                                                          SHA-512:39E9305D4686AC1E5995B0EEC6C40922D428B0732D71763FFD5934A295B498315216D2F55AD0543CB7E604625F01DF9A089A694533C01CD9448A24A7A9B951FE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........i..i..i.....i....8i.....i.(...i.(...i.(...i.....i.....i..i..h.....i...(..i.....i.Rich.i.................PE..d....ZWg.........."....$. ..........._.........@.............................p.......b....`.........................................................@..p...............(I...P..........p.......................(...p...@............0..............................text............ .................. ..`.rdata...h...0...j...$..............@..@.data............F..................@....pdata..............................@..@.didat....... .......f..............@..._RDATA..\....0.......h..............@..@.rsrc...p....@.......j..............@..@.reloc.......P.......n..............@..B........................................................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\uimanager.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5846872
                                                                                                                                                                          Entropy (8bit):6.5127665295159405
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:vewckSLoQ9RmaHxsLDXuUnnX3qI1JQ72QQqVU:WwckSFbmaRsLDXu0nXa8++qVU
                                                                                                                                                                          MD5:198765D6A4572DA3AA27FB5586F983FC
                                                                                                                                                                          SHA1:C6585ED626337107F5902CC9BCD790B452C3196D
                                                                                                                                                                          SHA-256:3309A24532E7814A46B593D237CD0EDB96FE29F479D38E0C265CE08ED2F81E97
                                                                                                                                                                          SHA-512:FFBE8931EAECB7803A36DDB566B1896BB8D2B9C517AEA8E7D642E0FD495E1397EAC307C1A6870073B38AD4ED4A5BDF2B231135E3CC69D193D184A516D609B83F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$..........V....................G.......G.......G.......................$.......................).......'........B........................................,.............Rich....................PE..d....ZWg.........." ...$.xB.........P.8.......................................\......4Z...`A..........................................Q.<...,.R.@.....[.P....@X..^...FX.X.....[......M.p.....................M.(... .I.@.............B.......Q......................text....vB......xB................. ..`.rdata..Z.....B......|B.............@..@.data........@R......"R.............@....pdata...^...@X..`...:T.............@..@.didat..p.....[.......W.............@..._RDATA..\.....[.......W.............@..@.rsrc...P.....[.......W.............@..@.reloc.......[.......W.............@..B........................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\uninstaller.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2998832
                                                                                                                                                                          Entropy (8bit):6.549731823097714
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:0b8E4leMHenRm5Xht5Ljzjj5EIGEjwRiNuoWV6Oh0lhSMXlgQtLoUA405SwFzSKH:LE4le9RC5LjzvAEjN7W4bDdGzSKguZbT
                                                                                                                                                                          MD5:3AA2D9539FE8D506B25EB3E3122BF191
                                                                                                                                                                          SHA1:7A8832272DCE3E8BC37D13B3735F94EAF71DD256
                                                                                                                                                                          SHA-256:36CA61C3EEB21785BB61C5C969D638377B6E1EC0898FFF5794AD67999C179B7C
                                                                                                                                                                          SHA-512:CE2EF98F134EBC741EC1C4431A9399D46C953F568213BE11037D52F1C1D4D275DF24EE182B1914F71550FE7F570A32CDF2215140B514E7F258976A837E44678D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........aw...$...$...$...%..$...%-..$P..%..$P..%...$P..%...$...%...$...%..$...%..$...$...$>..%...$...$...$...%...$...%...$...$...$...$...$...%...$Rich...$........................PE..d....YWg.........."....$.......................@..........................................`...........................................$.(.....$......p'.8.....%.PW...2-.0....`..h/....!.p.....................!.(...@...@.....................#. ....................text....~.......................... ..`.rdata..............................@..@.data...4....@$......*$.............@....pdata..PW....%..X....$.............@..@.didat.......P'.......&.............@..._RDATA..\....`'.......&.............@..@.rsrc...8....p'.......&.............@..@.reloc..h/...`...0....-.............@..B................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\updater.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2751968
                                                                                                                                                                          Entropy (8bit):6.543746013265706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:mNSSVGmcW/5GNyfDpK8CMjnlQTvvcmkT9zO1XqS9hzKtkdbCn2Go:ehGmmKphCMjnlYvCS99K9nw
                                                                                                                                                                          MD5:9A4C26D4AA627CA1C69D40C9091B4A74
                                                                                                                                                                          SHA1:686E3ED1EF9910487492EB99F686FB8463FC2F79
                                                                                                                                                                          SHA-256:DAB9D341F72C74C9EB35803119C96AFAD4AFAC8F312D84E2A077944CADF1C41F
                                                                                                                                                                          SHA-512:1F2ADEC01039FBDD2B80A0001758B3D040C07912CC2BF41701DDB9C0AC49E34BEBD5C21C9EA03865639B1BCF596B3000D26AA033EA0245AF8DD0EA5A66E14773
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......x.m.<p..<p..<p..w...+p..w....p...../p.....0p.....Dp..w....p..w...+p..&....p..<p..=p......op..<p...q..&...Lp..&...=p..&...=p..<p..=p..&...=p..Rich<p..........................PE..d...TWWg.........."....$.l..........@..........@..............................*.....c.*...`...........................................%.$....%.......(......0'..F...v)......p*..)..0:#.p....................;#.(....E!.@...............x...p{%......................text...nk.......l.................. ..`.rdata.../.......0...p..............@..@.data....s....%.......%.............@....pdata...F...0'..H...:&.............@..@.didat........(.......'.............@..._RDATA..\.....(.......'.............@..@.rsrc.........(.......'.............@..@.reloc...)...p*..*...L).............@..B................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\wa-ui-uninstall.js

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9912
                                                                                                                                                                          Entropy (8bit):3.922084693018274
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:/QL4RLAq8F9BeGgTcNTRCNPx6RlrC052ic8:P1IX2X8
                                                                                                                                                                          MD5:439B5C6870BF60683B2108830F0C0EE8
                                                                                                                                                                          SHA1:6D8686ADBBD7EDB119EE26FCAD89C7A33FB73360
                                                                                                                                                                          SHA-256:9A17EA1B5BCFC3C587C42A948D492A9BB862592ED557C6AA4208093A102EE84A
                                                                                                                                                                          SHA-512:992E9A7991F51AC017F508E03E6F71C94F65BFAEFC47FB5FCDBFE3AEE2DBD6715B88C97623DC7AC1417C6799E2BF7568A56D5013D68508BA0FDCB9A50227BC41
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/* Uninstaller UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.UNINSTALL).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml(),.. _data = _core.data;.... ui.Uninstaller = function () {.. var checkProgressInterval,.. checkUpdaterInterval,.. checkUpdaterNumRetries ,.. buttonOkId = "wa-uninstaller-button-ok",.. buttonCancelId = "wa-uninstaller-button-cancel",.. buttonCancelCss = "wa-button cancel",.. buttonOkCss = "wa-button ok",.. version = _webAdvisor.getVersion(),.. el = {.. $header: $("#wa-uninstaller-header"),.. $content: $("#wa-uninstaller-content"),.. $footer: $("#wa-uninstaller-footer")..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\wa-uninstall.css

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3558
                                                                                                                                                                          Entropy (8bit):4.798796773500084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:UKQqFbbgRjujt6whhzIr3EfygNkd9ZcRx1+zRMJ9NDG4lzDU8:FxFb8Rjujt6wr8r3EqgNkFcRx1+zRMJZ
                                                                                                                                                                          MD5:F63DD51791AA934B2F6D65EA309C24CA
                                                                                                                                                                          SHA1:ABBD3F7BCA2A16B227DE767B8A2BDFE5BCDBAD3A
                                                                                                                                                                          SHA-256:C2E9C443AAB40E56EBBFDC8314C9395B621C400598B636023D39D2856FCBAD27
                                                                                                                                                                          SHA-512:067054925488064E54A17E4EC92D45606ED8C41BAF169C6758E94B47CCD2CD33E8CF39B877FF912B1A389AC0483DD9320E99A3C4F8F8E727421F09E510AB2A03
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:body {.. background-color: #ffffff;.. overflow: hidden;..}....#wa-uninstaller {.. width: 600px;.. height: 473px;.. border: 1px solid #BAC6EA;..}....#wa-uninstaller-header {.. height: 48px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: 1px solid #BBC7E7;..}.... #wa-uninstaller-header > div {.. display: table-cell;.. }.... #wa-uninstaller-header .title {.. vertical-align: middle;.. }....#wa-uninstaller-header-close {.. float: right;.. position: relative;.. top: 12px;.. right: 12px;.. cursor: pointer;..}......#wa-uninstaller-content {.. margin: 24px 30px 0px 30px;.. color: #404040;.. font-size: 12px;.. height: 67%;..}....#wa-uninstaller-start h3 {.. font-size: 16px;.. font-weight: bold;.. color: #53565A;.. margin-bottom: 5px;..}..#wa-uninstaller-start h5 {.. font-size: 14px;.. font-weight: 400;.. color: #53565A;.. margin: 0px;..}....#wa-uninstaller-st

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\wa-uninstall.html

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1304
                                                                                                                                                                          Entropy (8bit):5.275006435536822
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:csYzTEL0GNVMz7jVMz7EVMz7VMz/VMzlLVMCdLG7OLG3LGt1LGzAdpKJz/To:3OTEL0Sv265iCdLG6LG3LGt1LGzArKds
                                                                                                                                                                          MD5:FCD0694DAA6D877837A41C6B7990F0F3
                                                                                                                                                                          SHA1:D43BB82B88775AAC31939AED1C94880283353AD5
                                                                                                                                                                          SHA-256:A9A6391E0C62AE8A4B5B4849D53E1EFD6FA9928AAABBADA99EC64F78545AF4F9
                                                                                                                                                                          SHA-512:4CD94146C2A594944A93C25F0128E244196B99895DAF15E5FC2CC40A52C49F779095D364143CB8203816597E704E12CDA955DB72E1A0DEC16FC697C07DA82EFB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-uninstall.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-uninstall-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-uninstall.js"></script>..</head>..<body>.. <div id="wa-uninstaller">.. <div id="wa-uninstaller-header

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\webadvisor.ico

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):99892
                                                                                                                                                                          Entropy (8bit):3.9749743269785345
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                          MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                          SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                          SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                          SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):676
                                                                                                                                                                          Entropy (8bit):4.824937383394461
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:ShnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:ShnPOaKioAjxEaN94MpEJq7SBlMZ79oi
                                                                                                                                                                          MD5:D4525EEF75A5ED31DD1463E94E63EE32
                                                                                                                                                                          SHA1:9D2B35EF3800BF1CD34F6AFE03EDF1B02F75B7EA
                                                                                                                                                                          SHA-256:E8BE10CE45725068D0B6F7B90C1F86C90B0F949B9FB4229CF9EE4A82DF9980E8
                                                                                                                                                                          SHA-512:E92548F4F2B49138BEFE5800DD459F0A9DB3062B32661D98BD9E393D2510E9B41822ABCA3FDF179A7EBCA6B8899E0634B668FDDD1D1A1E67D8A5876F11C85D18
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):332
                                                                                                                                                                          Entropy (8bit):5.199984426997364
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:3FHWb4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1Hi7Gv6iK1re/3dwwBi
                                                                                                                                                                          MD5:ED06108D883C1FFED6910F55AC4A5A3D
                                                                                                                                                                          SHA1:7974E1658801A128A23C0B2737545F2AB5C5F3F2
                                                                                                                                                                          SHA-256:B659E0167E9CEBFB8A031F259D840577B3897ABF3E91C2ABBE3E8F947598FF47
                                                                                                                                                                          SHA-512:075F93DE9A8065B939BD947D23F2D3F1EA793AFA492CA030B0B24C4FB223F85846A37DF908ED5DD08987AFFA60AB3ECB6ACA512C777F05E9DD7849976868D6E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):675
                                                                                                                                                                          Entropy (8bit):4.830153549273225
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:JaWhnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:JaWhnPOaKioAjxEaN94MpEJq7SBlMZ7R
                                                                                                                                                                          MD5:B09DB140B1A6360DC1D7F6BCF9D85B22
                                                                                                                                                                          SHA1:09839EFA3B9055D51BFE566E9F5F8B7529B085D2
                                                                                                                                                                          SHA-256:395D1298C7E5A9D6A7F45A0A84F89A0652DE890F202812FE3EF0DA830F24A98C
                                                                                                                                                                          SHA-512:F1539E728D9F7DB8870CE58D2B4C49431DB288DD4D26D3C3D52374BB1B856001E8BF541650CF77813308060EDC57939E35E0B21D99EE18F0D2681FE052E91145
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):331
                                                                                                                                                                          Entropy (8bit):5.221057694206649
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:3FHWEas4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1HZaW7Gv6iK1re/3dwwBi
                                                                                                                                                                          MD5:49D8FD2B7CDD52D1CD2F2F3F019A597D
                                                                                                                                                                          SHA1:62548306CE140C5336570EB02D4AF566121CFC65
                                                                                                                                                                          SHA-256:B114F82CBCB910A1F282E823266801468571F3F2DB9802AFFD3C758F933CE9C2
                                                                                                                                                                          SHA-512:3F9FA7C2D56A3BA12690D1D2107FC12D66CC6294D0C1A5003221E4B7A6C6481197BFD05CDEFFDE09F2D2AEF55132CE8CBEB40953AD25A96BF40675907FE68B16
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):646112
                                                                                                                                                                          Entropy (8bit):6.615158378781579
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:e1btYO+v7ftQNF8XpEB3iePkNEoj+rgSfshPyMjEmjM0ZQ1w:0b3g4oj+pMjEmw0OS
                                                                                                                                                                          MD5:E771F356A7E30D21457CDA44836F8DBB
                                                                                                                                                                          SHA1:99B8069134AFB4471D42721CD01AE6E430E473B6
                                                                                                                                                                          SHA-256:D4C1E8B473B11BE236DFC772A694F1C2B360A844613F7FB2B9FCD5ADD761B056
                                                                                                                                                                          SHA-512:90600A4E49097668A5B7C4792FECE1D20584E16BEC0C2950CA8626529CD6F61F6281154B309246C62168805A7AC3B7881F51AC783421B9178218F7487DBEB7D5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......#..~g.-g.-g.-<..,h.-<..,..-V.}-e.-..}-f.-5..,?.-5..,w.-5..,~.-..,f.-<..,..-<..,w.-s..,e.-..,k.-...,h.-g.-B.-..K-b.-.,f.-.,..-...,j.-...,f.-...-f.-...,f.-Richg.-................PE..L...x1.e...........!......................... ......................................e<....@.........................P.......(........p..@................?.......^...A..p...................@C......pB..@............ ...............................text............................... ..`.rdata..V.... ......................@..@.data....Y.......@..................@....rsrc...@....p.......8..............@..@.reloc...^.......`...<..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                          C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):804776
                                                                                                                                                                          Entropy (8bit):6.352926794265583
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:ESMUeSJFVwoykQGh5YHWSGBjfWeVoNErPgdo:ESbRJFBykQ8YHWvFWeVKErPg
                                                                                                                                                                          MD5:25EBD76F4F56BF3791735C1D5E539577
                                                                                                                                                                          SHA1:B4A89100A510E9BE58446F74300C34536A9EFD29
                                                                                                                                                                          SHA-256:EAD25990DBD86BCDB82A61921DBC19356AE9740E75F9B10767DD99AEB09BCA50
                                                                                                                                                                          SHA-512:D416B3FCA1CB7E2D04A5826D2DC2DE0DEC3F4663636C6758AA399FB7E9D26CCAAC3E5F6E19F159695A4AEE02C13B7263818195A51CF6C92785A6364CDDF9474C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.........Wm.9>.9>.9>..:?.9>..<?P.9>...>.9>..<?..9>..=?..9>..:?.9>S.<?.9>..=?..9>..8?..9>..8?.9>V.<?.9>r.<?.9>.8>.9>3].>.9>y.=?.9>y.<?..9>).0?.9>).9?.9>)..>.9>).;?.9>Rich.9>........................PE..d...R1.e.........." ......................................................................`.................................................x........P..@........x.......E...`...... ...p.......................(.......8............0..(............................text............................... ..`.rdata.. ....0......................@..@.data...Tt...@...L..."..............@....pdata...x.......z...n..............@..@_RDATA.......@......................@..@.rsrc...@....P......................@..@.reloc.......`......................@..B........................................................................................................................

                                                                                                                                                                          C:\ProgramData\AVG\Antivirus\fw\config.ori.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):2126
                                                                                                                                                                          Entropy (8bit):3.622805597920419
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:yevvpp7507GOhPVlig85KmaHBavqI0AXxQ+UliRFICOA/:eBwm6
                                                                                                                                                                          MD5:60424032333D4723D7F4FF7543A7AA76
                                                                                                                                                                          SHA1:1FA9FA26B21439ADCD5258727F9CD0B954D0F5A1
                                                                                                                                                                          SHA-256:BE79AFFC10F1D93F9AE438C6320FEED7846BCB0950CD32E8A564EEB59203B6EA
                                                                                                                                                                          SHA-512:859A800DFD2DE9F0BC0F5E81A8F0AB80EEFCB56FE0A9E634AB8CD13881FFD26E13448529D9A0D096A61D5F1E410EEAD06DAC75A91B09FAF7F692D8884A41456C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.A.v.F.i.r.e.w.a.l.l.C.o.n.f.i.g. .t.y.p.e.=.".C.o.n.f.i.g.u.r.a.t.i.o.n.". .v.e.r.s.i.o.n.=.".1.".>.......<.S.y.s.t.e.m.R.u.l.e.s.>.........<.A.l.l.o.w.D.H.C.P.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.A.l.l.o.w.D.N.S.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.W.i.n.d.o.w.s.F.i.l.e.A.n.d.P.r.i.n.t.e.r.s.S.h.a.r.i.n.g.S.e.r.v.e.r.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.W.i.n.d.o.w.s.F.i.l.e.A.n.d.P.r.i.n.t.e.r.s.S.h.a.r.i.n.g.C.l.i.e.n.t.P.u.b.l.i.c. .v.a.l.u.e.=.".2."./.>.........<.A.l.l.o.w.R.e.m.o.t.e.D.e.s.k.t.o.p.S.e.r.v.e.r.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.O.u.t.g.o.i.n.g.P.i.n.g.A.n.d.T.r.a.c.e.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.I.n.c.o.m.i.n.g.P.i.n.g.A.n.d.T.r.a.c.e.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.A.l.l.o.w.I.G.M.P.T.r.a.f.f.i.c.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.A.l.l.o.w.M.u.l.t.i.c.a.s.t.T.r.a.f.f.i.c.P.u.b.l.i.c. .v.a.l.u.e.=.".

                                                                                                                                                                          C:\ProgramData\AVG\Antivirus\fw\config.ori.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2126
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):514
                                                                                                                                                                          Entropy (8bit):7.5354326830321146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:h0SVCzcy+efoVI3y2xkr1hKk8WkVm5J3qeGd/tn:h0Sozcyffni2xGrK8SmCeGrn
                                                                                                                                                                          MD5:3381F372618DF28E7DFA7D8659BAA2D8
                                                                                                                                                                          SHA1:42D93AE4EC910BC745A1BB3B4C6D65C7C5393BC0
                                                                                                                                                                          SHA-256:A84CF169FFD1C10821A11D1651F87E190CECFDD64A3886DC041CC509EFD073CF
                                                                                                                                                                          SHA-512:4E22ED6520FAA2EC13C09214C8562C12C1BDFF3E92A722514C95B63821B809DE76305CBF9675993280C169FA1B09863B0C37EFD1A91FD1DBAA41B2908126B759
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:]..@.N...........D.....%..k.I...d.4.;tK.....f.*........$3\.A.igTU.Q.h.e.....'S.uoQ..x....@.N.9=zlcR..TB..E)...w9.g....s.9]u.r..%.....d....$r......;g.$...Q)(.d.K7...CCH...Y.V|..i..u.D..a...#..W9.....6...xYg....d.....f)M4....F)LB-..l.kXZ..Y..x..6..).M.?>...mc..de......P.|?=~..OU.(.<.9....}..E..*+5N.DGb.(...k?A......E..e...._...DM..Y.b.........3.1.......c.?+l}..m!..59.PJ..:....d./.B....T=...>N._....qASWiSTRU0`.f..config.xml\oo.d...+.t.<....#.^..8.....Y..)L?:.K.PO.#....p.|..k........NY.ASWSig2B

                                                                                                                                                                          C:\ProgramData\AVG\Antivirus\fw\config.xml.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2126
                                                                                                                                                                          Entropy (8bit):3.622805597920419
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:yevvpp7507GOhPVlig85KmaHBavqI0AXxQ+UliRFICOA/:eBwm6
                                                                                                                                                                          MD5:60424032333D4723D7F4FF7543A7AA76
                                                                                                                                                                          SHA1:1FA9FA26B21439ADCD5258727F9CD0B954D0F5A1
                                                                                                                                                                          SHA-256:BE79AFFC10F1D93F9AE438C6320FEED7846BCB0950CD32E8A564EEB59203B6EA
                                                                                                                                                                          SHA-512:859A800DFD2DE9F0BC0F5E81A8F0AB80EEFCB56FE0A9E634AB8CD13881FFD26E13448529D9A0D096A61D5F1E410EEAD06DAC75A91B09FAF7F692D8884A41456C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.A.v.F.i.r.e.w.a.l.l.C.o.n.f.i.g. .t.y.p.e.=.".C.o.n.f.i.g.u.r.a.t.i.o.n.". .v.e.r.s.i.o.n.=.".1.".>.......<.S.y.s.t.e.m.R.u.l.e.s.>.........<.A.l.l.o.w.D.H.C.P.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.A.l.l.o.w.D.N.S.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.W.i.n.d.o.w.s.F.i.l.e.A.n.d.P.r.i.n.t.e.r.s.S.h.a.r.i.n.g.S.e.r.v.e.r.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.W.i.n.d.o.w.s.F.i.l.e.A.n.d.P.r.i.n.t.e.r.s.S.h.a.r.i.n.g.C.l.i.e.n.t.P.u.b.l.i.c. .v.a.l.u.e.=.".2."./.>.........<.A.l.l.o.w.R.e.m.o.t.e.D.e.s.k.t.o.p.S.e.r.v.e.r.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.O.u.t.g.o.i.n.g.P.i.n.g.A.n.d.T.r.a.c.e.P.u.b.l.i.c. .v.a.l.u.e.=.".1."./.>.........<.I.n.c.o.m.i.n.g.P.i.n.g.A.n.d.T.r.a.c.e.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.A.l.l.o.w.I.G.M.P.T.r.a.f.f.i.c.P.u.b.l.i.c. .v.a.l.u.e.=.".0."./.>.........<.A.l.l.o.w.M.u.l.t.i.c.a.s.t.T.r.a.f.f.i.c.P.u.b.l.i.c. .v.a.l.u.e.=.".

                                                                                                                                                                          C:\ProgramData\AVG\Antivirus\fw\config.xml.ipending.82f740ca.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2126
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):514
                                                                                                                                                                          Entropy (8bit):7.5354326830321146
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:h0SVCzcy+efoVI3y2xkr1hKk8WkVm5J3qeGd/tn:h0Sozcyffni2xGrK8SmCeGrn
                                                                                                                                                                          MD5:3381F372618DF28E7DFA7D8659BAA2D8
                                                                                                                                                                          SHA1:42D93AE4EC910BC745A1BB3B4C6D65C7C5393BC0
                                                                                                                                                                          SHA-256:A84CF169FFD1C10821A11D1651F87E190CECFDD64A3886DC041CC509EFD073CF
                                                                                                                                                                          SHA-512:4E22ED6520FAA2EC13C09214C8562C12C1BDFF3E92A722514C95B63821B809DE76305CBF9675993280C169FA1B09863B0C37EFD1A91FD1DBAA41B2908126B759
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:]..@.N...........D.....%..k.I...d.4.;tK.....f.*........$3\.A.igTU.Q.h.e.....'S.uoQ..x....@.N.9=zlcR..TB..E)...w9.g....s.9]u.r..%.....d....$r......;g.$...Q)(.d.K7...CCH...Y.V|..i..u.D..a...#..W9.....6...xYg....d.....f)M4....F)LB-..l.kXZ..Y..x..6..).M.?>...mc..de......P.|?=~..OU.(.<.9....}..E..*+5N.DGb.(...k?A......E..e...._...DM..Y.b.........3.1.......c.?+l}..m!..59.PJ..:....d./.B....T=...>N._....qASWiSTRU0`.f..config.xml\oo.d...+.t.<....#.^..8.....Y..)L?:.K.PO.#....p.|..k........NY.ASWSig2B

                                                                                                                                                                          C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ver.ipending.82f740ca

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Jn:J
                                                                                                                                                                          MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                          SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                          SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                          SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:15

                                                                                                                                                                          C:\ProgramData\AVG\Icarus\Logs\event_manager.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):142
                                                                                                                                                                          Entropy (8bit):4.630874700409648
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:R+NfXPUwTew/B4gfFQRIiOVkV4FCvg3IKRHRoWnB6TewtAocv:RAfXP5/OaFERVLg3IKw6B6Tjy3
                                                                                                                                                                          MD5:6595768A34DA0AC8F6A29B524BA721B0
                                                                                                                                                                          SHA1:4EFEAF9C6B8A45FC542927A6BBFB085AE2BD422B
                                                                                                                                                                          SHA-256:B44CFE7DD628D96A81FE54F0E4196BC028354219010A0632C6D883ECE82D840A
                                                                                                                                                                          SHA-512:63A8FD41C74CEE3F2999F0DC12855C1586B65F17CFC6E9CEE6A968426595BFAF6A2FEEE106B5259958E553341E7000319B2E2159AA74399EE53ADE2D1DBD7435
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.[2024-12-24 11:22:12.143] [info ] [burger ] [ 2936: 5264] [8A4F0A: 55] Storage path was not set so neither stored events are read...

                                                                                                                                                                          C:\ProgramData\AVG\Icarus\Logs\icarus.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):1367504
                                                                                                                                                                          Entropy (8bit):5.354291931529726
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:b044l2BoMtk+83qeS+cTH6hY8fCkOUg5IRUZXIRi+xYPfpQMZq2nhXbO:jH6akOUg5IiZXIRi+xYPfpdZq2nhXa
                                                                                                                                                                          MD5:DDBBEDD51310B45205E66B0CC84B3848
                                                                                                                                                                          SHA1:924150DA2B3E49C2AD1C3DD60B1C8EA613DC5108
                                                                                                                                                                          SHA-256:708F7ADDE05B9947CAAA8223568C3FEDBFA0DA54EBA97D10785C15CAE21AAA2B
                                                                                                                                                                          SHA-512:6878A489280E9B461DCE7344F586B61AA81C8818E9F8412D2DE449F7C2FECE71CF5CC3C5F1C1E9209730595280F47A14DDC27C810A2E5713329D93E0F50CDEB5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.[2024-12-24 11:21:52.219] [info ] [entry ] [ 2112: 3284] [231CAF: 39] Icarus has been started...[2024-12-24 11:21:52.219] [debug ] [settings_lt] [ 2112: 3284] [18C22A: 190] generic accessor for scheme registry set..[2024-12-24 11:21:52.219] [debug ] [event_rout ] [ 2112: 3284] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2024-12-24 11:21:52.219] [debug ] [event_rout ] [ 2112: 3284] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2024-12-24 11:21:52.219] [debug ] [event_rout ] [ 2112: 3284] [CECE0F: 49] Registering event handler for app.settings.PropertyChangedValue...[2024-12-24 11:21:52.219] [debug ] [event_rout ] [ 2112: 3284] [CECE0F: 49] Registering event handler for app.settings.PropertyChanged...[2024-12-24 11:21:52.219] [debug ] [event_rout ] [ 2112: 3284] [CECE0F:

                                                                                                                                                                          C:\ProgramData\AVG\Icarus\Logs\sfx.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1466), with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):13866
                                                                                                                                                                          Entropy (8bit):5.543682120072713
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:/ZrJeQ5JHfqY4JZbDbNeQ+Jwc76nvrWfr/rTrx0r7TrqHraR8r/wS5Y2zNeQaO:/PeQ5J/qFznReQ+JBmvCfz/d0HTuH++N
                                                                                                                                                                          MD5:B0F0AA4A0E6B7ED1FC251CD2B0631B4B
                                                                                                                                                                          SHA1:9A7C2ABA35DFAA3A2206FBEBBE0809EE4EAEDF39
                                                                                                                                                                          SHA-256:DBB5BEDF3AB822A68654DD9882AB44D59F51729092AB5AF8B33179D7CB9469A3
                                                                                                                                                                          SHA-512:2ACFCD7A9AD86E20794F5532EB8B1C9E391599E3F7C3D3ABD3A8052FCC41DDB86FFF52B1D42610687941BA9EA2ABD0B8CD3B44B71AB52A5E0FC15D2BF86B6AC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.[2024-12-24 11:21:13.695] [info ] [isfx ] [ 8100: 8104] [C7794E: 183] *** Starting SFX (24.12.8365.0), System(Windows 10 (10.0.19045) x64) ***..[2024-12-24 11:21:13.695] [info ] [isfx ] [ 8100: 8104] [C7794E: 184] launched by:'7984-C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2024-12-24 11:21:13.820] [debug ] [device_id ] [ 8100: 8104] [8A1DA9: 70] Storing the new fingerprint..[2024-12-24 11:21:14.038] [info ] [isfx ] [ 8100: 8104] [2A6F3E: 34] SFX started with command line '/silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb'..[2024-12-24 11:21:14.038] [debug ] [isfx ] [ 8100: 8116] [3A3D94: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"92c49f4d-3ab3-4099-aa16-2efb908cf78e","time":17350450921

                                                                                                                                                                          C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):166
                                                                                                                                                                          Entropy (8bit):4.990202766082142
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:tv+p5RVZCoVENjpbrikf6EI8FWv0dIQLoqDv3RIBLICWvv:tmp53FVumkiEI8FW0IDqDvRIBL1W3
                                                                                                                                                                          MD5:C043A3BEB23CC43CB3E9ACAE2AD9D8B4
                                                                                                                                                                          SHA1:F8A300A14643D9D2EF708839D882FA8FAE274F73
                                                                                                                                                                          SHA-256:3DF024F72A0BCDD90A7C140591E224492481EB7F32A940BFB9AF1CDB6472AF9E
                                                                                                                                                                          SHA-512:E5BAA81E296B7F06360ED20D9484A137CA49C0505D2C94947B978B09B277F13184E540098E21DAAD0A72D8DDD831A57D6AC0E67C0AA860D87A051B55C3C9FFF2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...[avg-av]..company-install-path=C:\Program Files\AVG..company-reg-key=SOFTWARE\AVG..product-dir=Antivirus..product-reg-key=Antivirus..program-data-dir=Antivirus..

                                                                                                                                                                          C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):278
                                                                                                                                                                          Entropy (8bit):3.4584396735456933
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:Q9oPdKwo/e7nwY0ow+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwh7CaI/VJNKKHNX
                                                                                                                                                                          MD5:B8853A8E6228549B5D3AD97752D173D4
                                                                                                                                                                          SHA1:CD471A5D57E0946C19A694A6BE8A3959CEF30341
                                                                                                                                                                          SHA-256:8E511706C04E382E58153C274138E99A298E87E29E12548D39B7F3D3442878B9
                                                                                                                                                                          SHA-512:CF4EDD9EE238C1E621501F91A4C3338EC0CB07CA2C2DF00AA7C44D3DB7C4F3798BC4137C11C15379D0C71FAB1C5C61F19BE32BA3FC39DC242313D0947461A787
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....A.u.t.o.m.a.t.i.c.E.n.a.b.l.e.d.=.0.....C.o.n.f.i.g.U.r.l.=.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....

                                                                                                                                                                          C:\ProgramData\McAfee\WebAdvisor\AnalyticsEtw\analytics_wa.etl

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                          Entropy (8bit):5.4563300480978345
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:PQj66mgTYLc/al711GRET43AMsAK47yMTQsqGEVpnDb+6pZWt9kXqATHAyCNPWEg:a00av4wMF4GQND7SInAyCHjXzmhkw
                                                                                                                                                                          MD5:08874C56BC535B5BEB8B351D8E1F9992
                                                                                                                                                                          SHA1:63BC93F86C92025DE5A9C73ACFE75A0D8BB3BAA5
                                                                                                                                                                          SHA-256:DBAD18F0B28FE96DB4753ABBB1159F98E319EA9C557FBA3A306D34D2120D3E66
                                                                                                                                                                          SHA-512:68ACD10CD06441FF040A244708FBCB15D79F62727C61776991066025C7F4965FD459CF5CD5A55B6C209D8A13AD983B6EE4710AC9C21380B3DC8570C496AA56BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................p...!...............................l...d.g!.U..................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................O............d.g!.U..........M.c.A.f.e.e. .{.7.A.D.6.1.B.2.6.-.D.7.5.1.-.4.8.7.E.-.B.5.5.7.-.6.9.2.6.A.5.5.8.2.D.D.B.}...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.c.A.f.e.e.\.W.e.b.A.d.v.i.s.o.r.\.A.n.a.l.y.t.i.c.s.E.t.w.\.a.n.a.l.y.t.i.c.s._.w.a...e.t.l.............P.P.....l...d.g!.U..............................................................8.B.d.g!.U..19041.1.amd64fre.vb_release.191206-1406.......@.d.g!.U..q...&.I.._$..M5....C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\AnalyticsManager.pdb................................................................................................................................

                                                                                                                                                                          C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):236
                                                                                                                                                                          Entropy (8bit):5.013446098967759
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:rtRc5IyR1Rbz6RM0Rcz468tRc5s7R1Rbz6RM0Rcz46I:ZRNyRbbsZtRtRbbsZz
                                                                                                                                                                          MD5:2E4DDDD103236FB259D8B69B900A26A0
                                                                                                                                                                          SHA1:E04B05187707E9F7E5A06744DFC9F66C2FF86F0A
                                                                                                                                                                          SHA-256:FC4BEE17EB7112D21E541AC75DC52097D2CA6290B4BC1860D52ACB086EE7ED22
                                                                                                                                                                          SHA-512:78ED4AC0846DA6E74F0DD764FA50AA6DD3A99EF2DB5EA6956B351C1484D799E84A50C170F25BE62F9AC9B6C940948BE5E0739F2322D7E0A578CEBDD603023DE9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ERR][20241224 07:59:44.959][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting ai.audio.opt_in.status..[ERR][20241224 07:59:44.967][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting ai.audio.opt_in.status..

                                                                                                                                                                          C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_000B005C003C0011001B.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1362
                                                                                                                                                                          Entropy (8bit):4.965875273102426
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:frt5bgrttrt6rtOR6rtart3/rtirtmrtS8rt1rrtbrtWrtOb/XJ:fZpgZtZ6ZOR6ZaZ3/ZiZmZS8Z1rZbZWS
                                                                                                                                                                          MD5:0B78E634A214AA609C5761B9DD196311
                                                                                                                                                                          SHA1:D11393035E9C7235E99072EFD3BCEEBC41048118
                                                                                                                                                                          SHA-256:F553298FFAF5AB6619D568690C3C0EA574F3D5E83CE3A3904784E54D04308293
                                                                                                                                                                          SHA-512:486B969732BFA45567EF7C4C5899243A8B2171D68D281E189DCA6664317950215F8D1C8025E51BAD72F8B296114B04A475495645AD67519F77CA56B8480E0146
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ERR][20241224 07:59:34.271][ProcessUtils.cpp@186]: Failed to open process with id 0. Error 87..[ERR][20241224 07:59:34.281][ProcessUtils.cpp@186]: Failed to open process with id 4. Error 5..[ERR][20241224 07:59:34.284][ProcessUtils.cpp@186]: Failed to open process with id 92. Error 5..[ERR][20241224 07:59:34.286][ProcessUtils.cpp@186]: Failed to open process with id 324. Error 5..[ERR][20241224 07:59:34.289][ProcessUtils.cpp@186]: Failed to open process with id 408. Error 5..[ERR][20241224 07:59:34.292][ProcessUtils.cpp@186]: Failed to open process with id 484. Error 5..[ERR][20241224 07:59:34.295][ProcessUtils.cpp@186]: Failed to open process with id 492. Error 5..[ERR][20241224 07:59:34.297][ProcessUtils.cpp@186]: Failed to open process with id 620. Error 5..[ERR][20241224 07:59:34.300][ProcessUtils.cpp@186]: Failed to open process with id 1476. Error 5..[ERR][20241224 07:59:34.305][ProcessUtils.cpp@186]: Failed to open process with id 3304. Error 5..[ERR][20241224 07:59:34.309][Pro

                                                                                                                                                                          C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):211
                                                                                                                                                                          Entropy (8bit):5.133804898790498
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:rtRc5kk2JM0RG0DKhSm0tRc5BzwZVjwOrADGq:ZR5k2JTDFnR20rjhroZ
                                                                                                                                                                          MD5:2DD257FCED0082EECB2B9283B971B526
                                                                                                                                                                          SHA1:D69CC01FE92DCDD1B7C4C46D3444B3735B937DE7
                                                                                                                                                                          SHA-256:6D638A213091F459391E96CB7C0BCD202DC68666123A400F7DBC159BBC6169E5
                                                                                                                                                                          SHA-512:08270B711DAEAD28116F2405B1B8DFEBF3C7B6DC477E50D8600B3FBC541EFD9153A3F79967E13477DF4B29B1FA6C494222090A423B0323D4A1302B80D1E6D682
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ERR][20241224 07:58:03.687][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20241224 07:58:32.935][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..

                                                                                                                                                                          C:\ProgramData\McAfee\WebAdvisor\wa.dat

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3043002, file counter 216, database pages 15, cookie 0x3, schema 4, UTF-16 little endian, version-valid-for 216
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61440
                                                                                                                                                                          Entropy (8bit):4.554714071852428
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:qD9f3nHrwqmRR5Cs28HDaoN0KQ5l06B1Tuq0CcK7CuCmYRR5sC4qwmf9100OHnM0:S9f3nHrwqmRR5Cs2OnN0KQ5ldB1Tuq04
                                                                                                                                                                          MD5:3FA1BB92FEE8031B50302A9026624412
                                                                                                                                                                          SHA1:BE159C5BD90FF1356A10B0913BDA6F7E9104B4EA
                                                                                                                                                                          SHA-256:6E7E1C91696CB7B4D6C8DD384BF5FBD577955601CD4F2422663DD250FD35C726
                                                                                                                                                                          SHA-512:460E815DCDFD67A69DE21C09AF022E76DA791369AA215301F0645A691E039086C45D264E950157883508842B83C38ECA5F402238A365174F0D80A3F53DF57222
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................n......._..=.R._......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                          Entropy (8bit):1.3073753241730137
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvru:KooCEYhgYEL0In
                                                                                                                                                                          MD5:64971C5930BCE64833A71FBD7970C861
                                                                                                                                                                          SHA1:85F791151D4248C92D8CE85197ADCB1113688D2F
                                                                                                                                                                          SHA-256:22DBD25F513A57966A25246E036AC1A94B2BDF211039827DC4D68A660C93A048
                                                                                                                                                                          SHA-512:51CD238B47B65B74053175B877D22E90B8F289EE48924FFB3651000EB21A4F09136927A7B2DA393536427961BE7CC16B5E094782A2E3F081D4065C1EC0C538EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x06c51fa0, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                          Entropy (8bit):0.42219994001842126
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:BSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Baza/vMUM2Uvz7DO
                                                                                                                                                                          MD5:E43C54FD6CBDE01AD3FF849129F3DCB7
                                                                                                                                                                          SHA1:22AE227A2950D24FC901A6AE799C8DF85AEEC8E0
                                                                                                                                                                          SHA-256:FEF0C5D57AC392998CD3AE07CABD869CC7F841317CE27AF0A4CD7A714BD57CC6
                                                                                                                                                                          SHA-512:AB2933AD80CBD8D2C465782FAE46CF9C36FC4DB858F5F10C866D1903DF2696CD912D30D30780A3748EF5D134D851BD8FC0B7B3EA104B3FE249A88C95C761092E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:....... .......A.......X\...;...{......................0.!..........{A......|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...........................................|....................Y......|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:OpenPGP Public Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.07705996870539306
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:XyklXKYeDXZmVCjn13a/cf0bLZm+llcVO/lnlZMxZNQl:bXKzDXh53qcf0XJOewk
                                                                                                                                                                          MD5:FC5792EAA3018DDD560694B72258A099
                                                                                                                                                                          SHA1:401252C87A62B047EFB0D25D700B2C40139509A6
                                                                                                                                                                          SHA-256:E5F7CDAD833904387FF93654B32CF6BC2EE307CACE09C107D4064E5AC02505BC
                                                                                                                                                                          SHA-512:9DE5D0EDCFBA5C2F0FFD408B0EFFC5FF5FDACEFEB62107427C1171DFC697CF9E685228DD12D167C3AC48532AC2214DEB88ABE7D0D49DA339A714ED84DA4D22FD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:........................................;...{.......|.......{A..............{A......{A..........{A]..................Y......|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Canvas of Kings__93cb8aa0ebada8bc6cc3ee15ba3a2061e89833_9beb09d5_3a618d11-0bc7-47f5-8818-d429429018f1\Report.wer

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):1.382174776495335
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:STtsIrRdTV0aEW8YrjcHO3TURaI/dzuiF+Z24IO8GF6:gvRYaEW/jHURbFzuiF+Y4IO86
                                                                                                                                                                          MD5:941D274E2527044D36B490D0B04286C6
                                                                                                                                                                          SHA1:5306A0D957F221323EB53713FFD7FE9B5B5B7DBF
                                                                                                                                                                          SHA-256:2B410FF7DECF957A361579FC943504D48164CCAB8635D2EDE381CC709D10B71D
                                                                                                                                                                          SHA-512:7B64E1BBE90247C86C5207BEDF20B64A2E539E1DC41C27FCB5F52CA449F94A30E75D1130C49BEEB90AA01E94E0159323BFBEF0DFC427524244F43C2E0F50BB34
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.1.2.9.3.9.4.9.8.3.4.9.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.1.2.9.4.0.0.2.9.5.9.7.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.a.6.1.8.d.1.1.-.0.b.c.7.-.4.7.f.5.-.8.8.1.8.-.d.4.2.9.4.2.9.0.1.8.f.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.3.1.6.a.c.9.-.6.7.1.f.-.4.d.b.4.-.a.a.3.c.-.d.e.6.3.9.9.c.e.9.5.4.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.a.n.v.a.s. .o.f. .K.i.n.g.s._.N.6.x.C.-.S.2...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.c.c.-.0.0.0.1.-.0.0.1.4.-.e.0.7.a.-.2.d.c.a.f.5.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.8.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Canvas of Kings__e28730b7e88a1cd4a582c7bc2e4ae58fdb7f74cf_9beb09d5_e8cb2c11-dcda-4592-802d-2e2afc8ab259\Report.wer

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):1.3821551766916131
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:OvVtsIrudTZ034rlfYrjcHO3TURaI/dzuiFZZ24IO8GF6:GvuE3WlcjHURbFzuiFZY4IO86
                                                                                                                                                                          MD5:658C1CA52D5F07598E292F6C89E74C6F
                                                                                                                                                                          SHA1:3833B7D4D92F843936C94CBEFACB2252EFA3CD9C
                                                                                                                                                                          SHA-256:03EFC040EBFCED43A687515DCC230FE9C49240ED89670BAE98B109765A3313BD
                                                                                                                                                                          SHA-512:D6DD73851A3D741DFAAC829FFCEEABA014E649AD33E639F1754660441167AB234609DAE655DD547F8A67BD6ED5F59B8EC0388B93B8F95BBEC588482632D806C0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.1.2.8.8.3.6.8.4.3.5.3.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.1.2.8.8.4.3.8.7.4.8.6.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.8.c.b.2.c.1.1.-.d.c.d.a.-.4.5.9.2.-.8.0.2.d.-.2.e.2.a.f.c.8.a.b.2.5.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.9.5.0.7.b.8.3.-.6.f.7.8.-.4.5.5.9.-.8.e.c.a.-.4.1.f.8.6.c.f.4.8.1.f.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.a.n.v.a.s. .o.f. .K.i.n.g.s._.N.6.x.C.-.S.2...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.c.c.-.0.0.0.1.-.0.0.1.4.-.e.0.7.a.-.2.d.c.a.f.5.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.8.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER68F6.tmp.dmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 11:22:19 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):119018
                                                                                                                                                                          Entropy (8bit):2.197632562230823
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:N89++eCmnCt0Wqo2b1ERs5ZAlEmc7IYgmETy8r2RDikYh2ZSpchv5Hyv0q3bm/P3:ZxiRqo2b1+s5ZA2IYgpyaxkYkAS1B
                                                                                                                                                                          MD5:937CE087E27A410E31025634E0155D37
                                                                                                                                                                          SHA1:C22A29E52F36A049EFF13F82C84E34B15808D2C5
                                                                                                                                                                          SHA-256:09F3D429FD6DF5EDE877CBFD1C8D323A0B135AB55B453EDCD464E0426C4B35A3
                                                                                                                                                                          SHA-512:B9AAE08303F79558197B419C725ABFDC79A21C1999BECC058B2C94DD4C90C5EA48FA66F187630A29EFF4431459EB63EF84B8357982F0E6FB7B48A09B56998269
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MDMP..a..... .......k.jg........................(-.............. 6..........jh..........`.......8...........T............i..:g...........7...........9..............................................................................eJ......H:......GenuineIntel............T............jg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER69F1.tmp.WERInternalMetadata.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8436
                                                                                                                                                                          Entropy (8bit):3.709745707094679
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJZGe6Z2Hf6Yffy6MssgmfDHdGpDr89bLWsf/5m:R6lXJR6ZUf6Yy6MXgmfJ3L1fs
                                                                                                                                                                          MD5:636772C5348E0A91936FA62ECAD37AB6
                                                                                                                                                                          SHA1:E30EC311E6C3C7A61D73FCBD6EACB00AD02962EA
                                                                                                                                                                          SHA-256:CEA43CF03FDBAFBEC5E364DDC8A83E66C01070864F5BAAA41C0BED94EF6C150B
                                                                                                                                                                          SHA-512:F67621DEA873A87BAE68F1C48A6C3CC4862D0510634CD0A477B129BF2162723805CC1E34ED428708D9358A512318BA72444089F349B7A8BA2E0B73CD6DB3C6DA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.7.2.<./.P.i.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A21.tmp.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4792
                                                                                                                                                                          Entropy (8bit):4.470996622621644
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:uIjfgI7Xv7VwJKXwXSAiuXEXtKnRVvWUd:uI8YXv7iagSQ0EnXvWa
                                                                                                                                                                          MD5:B128CD76DEC28003248565DF92F25038
                                                                                                                                                                          SHA1:91DA79F531FE49EBCC96C9D3F811D418BBD0395C
                                                                                                                                                                          SHA-256:AB24CCD020C92AA7B401E660A9F4DF88D09CB56714026BE78AE944419ABF941C
                                                                                                                                                                          SHA-512:0123EDB0E60804F8A497337C8CFF0D242E8684D109EF83317F6886FF4C257F023D42BE566F146F92540B3187124EF1AF2F16702A4CFC34314716997A393B1D1B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645265" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A31.tmp.csv

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89050
                                                                                                                                                                          Entropy (8bit):3.0362694935355443
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:KjHkiHlD0IX9YSdZ7cN+5EqUInd5ZXcNqx:KjHkiHlD0IX9YSdZ7c85EqUInd5ZXcNK
                                                                                                                                                                          MD5:330D0A9EBE55DAA11511EFD0FF096DD8
                                                                                                                                                                          SHA1:33407635315700E5751DB6F91028534D6EEF43C6
                                                                                                                                                                          SHA-256:9A9C4A2D6CACAC3DE6C10272F5943C021828A246E910F62D2F36FAB56D4F4EDA
                                                                                                                                                                          SHA-512:09D29A8D582B924C7FF5CDFA027E817FA6F45C4C39AE79D26FA438F4DB170D69BDF77AE2D805AD8A3932B3B2940CE6EB196B5DDAC71A0DEE5BA3A596858ADA4D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6ACE.tmp.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                          Entropy (8bit):2.694187955198394
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:TiZYW49ig68YOxYiWjHHYEZAPtNi3ITR/wzRUa1zIuMIkHsI38fS:2ZD4v/x/iSaJIuMIkL3uS
                                                                                                                                                                          MD5:33E6E791CF58310230B0A41D9999D958
                                                                                                                                                                          SHA1:C56A34337B97D638F3C276EA1F666E4667409355
                                                                                                                                                                          SHA-256:CBC90AA3E40E2BB8F49266950C17E249B2ECC1C7E0B3C278CE1D9EAAA90D9600
                                                                                                                                                                          SHA-512:DDE1852D01AC7277147D3B4EED26D74FBC796A89AD684B5F7D005DFDC3E23D04460F40CFA0752839231636E0E82880DAC2C85B3B38A769A7D61E3CA74DC2F24F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER8EF2.tmp.dmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 11:21:24 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):131020
                                                                                                                                                                          Entropy (8bit):2.219225570288209
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:ColxKUQ2b1+sw+48YgSUVkqDafnA3UEq7OQ5s:CCpZ48YY9DafEUEq7OQ5
                                                                                                                                                                          MD5:D1BBD2DB4F1AD013477F2EDE5F157E5C
                                                                                                                                                                          SHA1:AB734877922045173842232F591D4E1838DC935E
                                                                                                                                                                          SHA-256:89C50D9A79191626DA1AA91012C1EB6BF9031EC5F79A8C1D10FF9D4F201D4C6E
                                                                                                                                                                          SHA-512:6059066334F111A844C2DC23B7D70D7705F0C1E8EAB44770E733014E87CFD75A7C6899FC12E55E2BB577E7BFE9846523AE0F35AAAC04482CC89CD6DC31B469A9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MDMP..a..... .......4.jg........................(-..(...........P6..........fk..........`.......8...........T............k...............7...........9..............................................................................eJ......x:......GenuineIntel............T............jg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER90C8.tmp.WERInternalMetadata.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8430
                                                                                                                                                                          Entropy (8bit):3.70766579814582
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJZG26+u6Yffm6MssgmfDHpkn6prP89b+Wsf6Km:R6lXJR6+u6Ym6MXgmfNW+1fO
                                                                                                                                                                          MD5:4DFE46E9C53D5DDAF0006F81D0E8747A
                                                                                                                                                                          SHA1:7C8BC22F8F92301DDD090DFA8F0C5B777B07565F
                                                                                                                                                                          SHA-256:C8AAA468F5433CCAD84CAECFC353BFF0BF486289C1F71C05D9D67651A60A3EE3
                                                                                                                                                                          SHA-512:6F5FB5E0BEF9DFB20326D1AEFA5D07BDC22F64F2F6BF415587B030930A92E5A39C44301A36D3A3B4DD955EF847500DE9730CD864D10917DFA5D00ACF4554EECE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.7.2.<./.P.i.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER90F7.tmp.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4792
                                                                                                                                                                          Entropy (8bit):4.470526676944878
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsJJg77aI9O8CTWpW8VYbYm8M4JKXNOXjFp+q87XEXLbKnRVvWUd:uIjfbI7Xv7VHJKXwX3uXEXnKnRVvWUd
                                                                                                                                                                          MD5:E92058326E0B8C5D43AEA330D5845933
                                                                                                                                                                          SHA1:E06CB873EAE271DECC70282E2723C781073C226C
                                                                                                                                                                          SHA-256:0D5EA94A8D1B753E0C68DFB85CBDC87FC25AED8AE143454F037296DAC26996A4
                                                                                                                                                                          SHA-512:A44B828B5A78FC8552052225BF4BD4CEB6971028900DCF2551075DB3BA8EB50840CC878A24E253D4330D99095983D123EBBFAEEC0B5B766841B59D1AB614264B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645264" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9105.tmp.csv

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):85754
                                                                                                                                                                          Entropy (8bit):3.037930423797603
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:GfOBHyZkDdPEkHgIgvtW+mvgN+5EqUInd7bM2:GfOBHyZkDdPEkHgIgvtW+mvg85EqUInB
                                                                                                                                                                          MD5:FD300BFA7984B5FFD5F531B36F6138B3
                                                                                                                                                                          SHA1:DF7379A14DE886D3D6703F09A141C37823FE930D
                                                                                                                                                                          SHA-256:DCF559AE8A52D1BB5C884B8189F02823374E974235E29637AB67B868E8C2FA50
                                                                                                                                                                          SHA-512:FB455954B4DC5EE2225901D4546FAA1B9C71DC61F07833F59A6D53CDD5BA87D3D804AE27D7C5752F50CD92B1F8C3B1BB800A92357D913FCEAC2A05B45366581C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9173.tmp.txt

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                          Entropy (8bit):2.6871541949172184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:TiZYWS7Sgsh2TYnYtW9HHYEZVYtKi7IhRNwE+MxqLlgatTN9oM6hvIua3:2ZDSiUgxtdoLqaR3oM6hAua3
                                                                                                                                                                          MD5:278F6A05C88A56EBF6C546CFCDF777E2
                                                                                                                                                                          SHA1:7EC885CC4C4B206E945514A0FAFBB4D38B47C493
                                                                                                                                                                          SHA-256:3CEF515B0E92650D4F5AFB61513110B09078B234009380BA64EDD2067559CF83
                                                                                                                                                                          SHA-512:1A833C724FCB3EC8B2BD1B33E3FA44FEE4FFB563EE18D0F0EF1184C0F1B36B8D45068DB937A39A6C78F8E0AD23DDFA56B7CEB3F66533FB67AB2A79F5AC508187
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                          File Type:Certificate, Version=3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1398
                                                                                                                                                                          Entropy (8bit):7.676048742462893
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                          MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                          SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                          SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                          SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:0..r0..Z.......vS..uFH....JH:N.0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...200318000000Z..450318000000Z0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450.."0...*.H.............0.........-.0.z.=.r.:K..a....g.7..~.....C..E..cW]....%..h.K..K.J...j..a'..D...?".O.....(..].Y.......,.3$.P:A..{.M.X8.........,..C...t...{.3..Yk....Z.{..U......L...u.o.a.tD....t..h.l&>.......0....|U..p\$x %.gg...N4.kp..8...........;.gC....t./.....7=gl.E\.a.A.....w.FGs.....+....X.W..Z..%....r=....;D.&.........E.......Bng~B.qb...`.d....!N+.mh...tsg1z...yn|..~FoM..+."D...7..aW...$..1s..5WG~.:E.-.Q.....7.e...k.w....?.0.o1..@........PvtY..m.2...~...u..J.,....+B..j6..L.............:.c...$d.......B0@0...U...........0...U.......0....0...U.........F...x9...C.VP..;0...*.H.............^+.t.4D_vH(@....n..%.{...=..v...0 ..`.....x.+.2..$.RR......9n....CA}..[.]...&..tr&....=;jR.<../.{.3.E.....

                                                                                                                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):264
                                                                                                                                                                          Entropy (8bit):3.0961158341916697
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:kKu/cK2GhipWhliK8al0GQcmqe3KQjMIo1l2L/:G/72GIWzyZ3qe3KQjxoK
                                                                                                                                                                          MD5:64059B3F80AFB5FCD25C23BF7082019F
                                                                                                                                                                          SHA1:7EAE5CBD5AC14E7580B0DC679FC548AA073D557B
                                                                                                                                                                          SHA-256:5E95262583DFF946C84403BDAFE9C9541DC5075DBA595D4CF4BE6AB8BD818478
                                                                                                                                                                          SHA-512:9FA57666574E5DA62956D162F2B39B3FED597D2F8EF77585E8FB4C0F0F6402B183EA38DCFD7670312DDEEAE512AED4795F6D700454371255DC1C7D74D8CC666A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:p...... ....v...~Tg..U..(....................................................... .................(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.3.3.e.5.-.5.7.6."...

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1128
                                                                                                                                                                          Entropy (8bit):3.8742260026520943
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:V98uCRMdOEUxEsRzvXRUQABeS34/3iElM6b7r6BvayFHoOmt5I:V98uN/Uu0vCQx7yEm6eayFHoXty
                                                                                                                                                                          MD5:D9D096EEEF24C53141835AB5CA994401
                                                                                                                                                                          SHA1:99C857C59FCA45AA15E5D1EA8985E2D096D0409D
                                                                                                                                                                          SHA-256:EBFFE2AB4095942634DE0EBC42D18126204D48FA29D9D7F992232C91C0EA8B39
                                                                                                                                                                          SHA-512:B2A56AAF5F29D4798C107DBD810171836E21AC2C9F41D3B4E4276ABF7D52444D722AC9C4DAE0DCFB611176CCF1A3878D16C84742007F7D38F396E1378EEE0025
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.g.m.w.r.G.K.+.o.b.0.6.h.t.K.b.H.W.Y.P.5.A.A.Q.A.A.A.A.C.A.A.A.A.A.A.A.Q.Z.g.A.A.A.A.E.A.A.C.A.A.A.A.D.7.4.b.I.D.i.Y.a.8.h.S.u.3.6.A.F.+.p.g.8.W.6.O.3.c.X.p.b.E.M.N.D.4.M.h.3.j.+.d.o.Z.E.g.A.A.A.A.A.O.g.A.A.A.A.A.I.A.A.C.A.A.A.A.D.W.u.m.N.W.D.2.e.+.b.T.l.p.M.U.Z.9.F.c.W.z.J.P.Y.M.7.J.i.d.m./.J.Q.E.H.p.1.W.F.y.y.L.N.A.A.A.A.B.P.t.G.s.b.P.Q.M.r.n.j.I.V.b.M.v.R.n.q.v.j.q.P.I.N.h.U.c.H.V.x.X.l.U.V.g.F.H.w.t.o.N.+.a.q.N.O.8.p.v.A.r.s.H.7.I.h.q.4.n.F.a.w.U.6.M.f.c.s.u.2.8.D.l.a.B.3.O.P.S.h.5.H.H.n.L.W.U.p.5.Y./.o.M.j.W.W.6.N.w.p.2.C.m.h.I.1.Y.l.t.u.M.C.L.o.G.G.E.B.G.Y.A.G.q.E.O.D.c.r.8.a.v.m.Q.H.G.0.A.5.x.+.F.4.9.d.9.d.s.+.x./.C.4.B.z.B.6.E.H.8.C.a.7.K.P.r.T.P.x.N.w.T.P.A.p.M.S.Z.8./.8.A./.d.u.k.h.l.L.r.9.M.c.R.t.y.V.g.I.7.O.N.1.w.B.x.K.6.I.u.x.6.B.E.B.c.6.X.A.6.O.D.L.Z.J.d.J.b.T.7.0.1.W.2.m.v.U.m.R.Z.D.y.O.q.R.T.u.i.V.I.Z.X.E./.J.R.4.9.5.B.B.L.Z.t.l.f.u.1.Q.L.d.o.+.o.B.M.o.Q.A.A.A.A.C.h.e.P.r.a.F.g.S.R.i.c.m.g.r.q.X./.8.+.y.X.t.

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):64
                                                                                                                                                                          Entropy (8bit):2.781653617952545
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:w+ZZXP7KlkHQYPS6/1Ip:fZZelyQYS
                                                                                                                                                                          MD5:84EF83EA9FB0CE8ECCEBF67FCD39556A
                                                                                                                                                                          SHA1:C815725ACFA09088612F26DD575ECD301B6BE96A
                                                                                                                                                                          SHA-256:C5E056ADE870D0948B92CF6B004A17897948F80ED160637119B6BD8E41E1EEDD
                                                                                                                                                                          SHA-512:8A06EFE4270A9AE5363561DF04AD1FEA7921CAEFDC8FE7693476AE09AD46EF496E78780C983A28338CAC841733E28539AD20C7178CA14597FC96520CFA6DF173
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:C.F.F.6.5.F.F.2.0.D.5.E.D.B.5.7.0.C.2.7.F.0.8.2.5.5.3.6.0.4.A.A.

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                          Entropy (8bit):2.881779299567118
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:BlMdnIl4iAlY5yClKmlAVlyln:BGNIl2lYImjlAql
                                                                                                                                                                          MD5:8835F694C193B1C09A4CD3E366D54905
                                                                                                                                                                          SHA1:5D36180D70821B1B9E53A781173D0C03380E82CC
                                                                                                                                                                          SHA-256:5C9B59F0269935CEF87B2E905656E6EBFBF107F6D186DB389F553C3391ACFE50
                                                                                                                                                                          SHA-512:14AA236B304B6311879CD4C20BB643D4729AC240AB63A11D5CDC1BC65FE1EAE90B8BE1352AC094875EF598C2ED2A3564132FCBA13EEF643D906377341BE8152E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:9.8.e.e.e.a.0.8.-.b.7.3.e.-.4.0.2.c.-.8.2.9.6.-.a.1.3.7.1.f.b.0.3.7.f.e.

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3025328
                                                                                                                                                                          Entropy (8bit):6.402840215003268
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:yLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvf9:+wSi0b67zeCzt0+yO3kS3
                                                                                                                                                                          MD5:49312C19FA9B298CA2AE71E14F07CCF3
                                                                                                                                                                          SHA1:0150F9D27733BA2D0647DA03453E1B1B6535861D
                                                                                                                                                                          SHA-256:74C20B61D428450E2C0B3974381684190D8BBD2AEF3D573C86A3A954598319A5
                                                                                                                                                                          SHA-512:A1C4CBCA2974277C52B2689A43A6D13F88884E1E8BE3B42A1C23E615A226E8D7C0FDCA2591EE4E8C39F439CB0FF0BCE3898676C95D3ADDC8D7F0C5000B0EA092
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.......................................@......@....................-......`-.49....-.p.............-..+....................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...p.....-.......-.............@..@......................-.............@..@........................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\AVG_AV.png (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53151
                                                                                                                                                                          Entropy (8bit):7.982330941208071
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                          MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                          SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                          SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                          SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....4IDATx.......y...u.}...W."..(s ........p.........Q...?ql=...'.8....E.l...Y.-ah..FP.w.......__uUwuw.r.3X.z..........jcppph........O.appp..........n ..qph..88.......pd...y...!..888.##...._..C.8....Cn82...,.8...40....!7..qph..GF.2.........C.h....q#.........!7..qph.O..../_..p......B....K...`.XF.n}........S/b.._..?.XH.2q...i.}..y....c...8..b|~:WY...8....a......o...v..!.~.+8z...P.....y......2y^....!.w..C.=..'.J]..v. ..}./o..q....M...........<$.X.<)..g.gp......'.Y.I...'.x......D.(..C...m.. .:.#....$. .LdD.E...*..a..}..eih.A.....AyR...7a..2..N##DD^....Tg...;>$..tZo.....m......3.A..p....$MM.".hF.......qpX....7..F.=.k..e".G/...G~E.........4..kA.{....yN.dH)~.s...........#.W...lD.:..W}...#...kP.&...;....n......?..d....oH.....#..'a..s..D.....<.......h...y.....D..!.^...G....4.........c .;?$..6...@.....O c.......~.u...1.7......c.|..'...?/..#;.z&....T.M4.w.."....7W....

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\AVG_BRW.png (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47501
                                                                                                                                                                          Entropy (8bit):7.9807583617034075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                          MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                          SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                          SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                          SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a...."IDATx.......u&.....h..;.P(P.!..Q.b-hH..e..H.=...+y<.fc..l....7.....w.y......,z>..[..%...-J2..)...4H......^....q.NEe.......%23.....9'".<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<f..Rd....z..^.UH.Xf.=W-')M....g...=<<<<<..hA....'...^.-.....u...MWo9n:..%....mR...*...}.hLf...xxxxx.;@P.J...B.t[*.w..6.4:L.[..n~]~R..:.4n....62......1O &.J.T...;w....>s.{7]...<I..N.I...>)_.P...E.u.......!.4q.g]g...J..........(.f...0!..>)..W.:L..p}.t...TfR...%.R..>;yK.U.v...,#<...2...|....\. ..;..C.......1...(_...z.C|.....1...f.;.}......Cx<....qW8tC.r.G.\.... n......<<<<<..J...;.....|.;.... ^.X.9\......^......[NI.:,....:.SvF.Y.h...u......#GC......4!.n......P0q.k.A.(.n..i}td.PX......8.$!a...qEI................O......A.O(...@<.iL ....$.Y.f....U.p.c.:.....@...T..4.."n.M.....G:..o(mB.SO=%e..H....&...0\K.x|.p.....:.<ukHf.L..HDD.a..m....I.

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\WebAdvisor.png (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34091
                                                                                                                                                                          Entropy (8bit):7.93533045608607
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:ZH5cQCJvj3+2/C0clMzHBtHlRX6DVL8dT1DKSd:ZZPCJvj3rVcyzHBdls987DBd
                                                                                                                                                                          MD5:DB6C259CD7B58F2F7A3CCA0C38834D0E
                                                                                                                                                                          SHA1:046FD119FE163298324DDCD47DF62FA8ABCAE169
                                                                                                                                                                          SHA-256:494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
                                                                                                                                                                          SHA-512:A5E8BB6DC4CAE51D4EBBE5454D1B11BC511C69031DB64EFF089FB2F8F68665F4004F0F215B503F7630A56C995BBE9CF72E8744177E92447901773CC7E2D9FDBB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a.....IDATx.....$.u....g...Q.C$%b:..!A...D.D..c.$........y......}W..f?_.....Y....5...^?.G..ZZ.]..zX..AI.I...<.4I..|...t...8........}_vWfD.8.>....(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(.R.......w._..q..v.+..=.K{1..o...:...^..p..g....9.<@..k.~.3.!aZF.tPy...Uy.../=..g..<v..V....R..P..e....c.....?..g...h..!?.x.....T.......?^...|....._....'>.c..|...../.......z....<~....k.o...j..Cs...>.........y............._.e...`...~.d..q.0..a......0..=tc....&....;.%._...Q[......f.M.......e:.T....jW.}1Fl...<.O...j.(.-L..b..?X....'.{..;r.'6.db.E.}..~.....OXC.k.....`.~w^.^.w....K[.9r.1!.....;^...~.S_..i.D.~..@.v.=..f...'._..Q../Z#...R.....s.~....r....?>....v1D....[S.E.a.p\..F.4bn..t..5.rfo.(..(S.#.R...v.?s.s...v..o~..G.....o{.7...~......w..d/}.&..p.l...?4.#]............A...

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\_isetup\_setup64.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6144
                                                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\error.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2444
                                                                                                                                                                          Entropy (8bit):7.881258656866732
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:/Cw1dpDYxwCWOVhQJqdZq4Q3TGaTmdTBZB31HqucFOpZ:/Cw1fk+OVhQqdZvQ3TGBjlH/
                                                                                                                                                                          MD5:8303E7651CBD01CC413B0026ED537E6F
                                                                                                                                                                          SHA1:85542365101CB85656F018CA63C894C3C56F1C01
                                                                                                                                                                          SHA-256:696782A8DA306783593128B669F9E2C709030FDE555BB2703244E81CE17A31AD
                                                                                                                                                                          SHA-512:11A3D9EAF8413600AC2636A1B18DCDFBF8BAA05ED7DE60AF300BC34B709DECB78D87C51F3C35484FCE7A803F7370CA45C105C0FC3066A6D6BFE702F253C36228
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d...!IDATx^..pTW....]6..l~..._..e.........X..Ic[.v......FTH;4.......A..*..8)..:B:.3.D.8L..SB6.&l.d.l.]...dM......m>3.{.y.~.;..s.}O.%..[..{^~.X?4t..._..}V....O.....(.Q.|.........N..ii...S...././.h..;...+WVJ...R .e....R.$..$.%`0..(-m.nk....9......z......]....!~3j2.b..u.5!.v./7..o..Q...&.....G...t&.....1o.!...i..6..c.[.+..?.3/....>..P...}...>.P_../.t.?k......l....13j...>.{.F<..P..nl.....))1.Z.M.....Mc.i...Fu...-*15.oaa.......iz#..|V.#..n.[......W..dSj .p.hN...(....x.u..Gk....../e.>....!..M.zT..R..............y...nz..j.......!M`.....|z..&.D.+...8...vZ%9Z.M..s).&@....s...s{...11Z..j:r..o.9?...lR.k$#.|..jR........|.F....a6'.....^Wy.wq....`g.A..@.y....p.jJK.?^.....Iy.b...4...3.../..w~3..E].]w....N .<#fs..zB0.h1.........i..w(3.!..[..78.....'....UFv.-c.+9* ..e...&..'..5..VE.9.b....;.8.D.@ZI3..l..+..j....O.R\.3....*D.q6E..^...\....0..%\..h.5.......S.h.;0.....wu.|v{5"........

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\finish.png

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2298
                                                                                                                                                                          Entropy (8bit):7.901998893489053
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KqqJYpZPlBqNTopskOg2btpLDCxGBVUQJCEVgvt4E5JUl2uW6:Kq6Y7t8GCPg2f9V/kJa2u
                                                                                                                                                                          MD5:1BDB17B59DD0FC8360B30C5CE46762A0
                                                                                                                                                                          SHA1:70CD6AD40F2BB14822FF1DCA766BCE6B02AAA8D8
                                                                                                                                                                          SHA-256:49911E40F4E80C8342524034A6A96907703EF9EF4ABDB6175AD6F93824DF6CBE
                                                                                                                                                                          SHA-512:2684FE9F5DF2AC2783B6413572715E4BCCBC771590686E75FCCC80733990E68FBE468E0FB0AF78B03DB4CCD6277028564CC8CCF91DB5E65122F06FF80F20432E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[.l.W..{vm.v;/I..v..MT....UiK..U.I..GD.1i].!4.4..&.?..J5m0..MB.$..!..nJ...*&.5......n.Y.......l...;..W.}.....}.{..{....T....}.g..-.....S.......:..B..r..j.i.]B....!..7..........m..,W.T...N...W.....W....D.y....[(.!.TU=.R........FU..6...X.=.N|]7.{u.e'Q.2G.P.>..7..^...z+.jS..>...Y....9.G...Z..W..`.ea.O./'.?m..A.B.........p.....-.2...l=.Cw.n^....I...d..........d...ei.x.[..5.x2.M.....@{)...p..x.G...;Wo.%q...6..-.J]..)...u.+..~.V..N.7.c.q8.^z.....#...wD.,..3...;..m4..^..v.r....a..<.M%.......7A...pt.y.7./.p.....I[.lQpFM...2-.X#.[u...H.9$-....>....>.F......Xl.`....."...x...6...2.X...m#-r..\,]N.g.a......xj..0Z..}......k.7P.#..:..X.'.!j.$3.o&...M.N!Y.-.bq<..t.'\..|..jx.L9..g..0....~.'9......Q...Ly;.VjF2....z.U-& ...w.^..n.^..: cW.q..f$3...LY..`.... ....._..[n....I..bL. E..u..q=...=X.>..8..~......xQ...C..c..*..=....1y.:1.R.c.GROf.....e>=?..e..&..|i...Q.........Kn..

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-95259.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):527389
                                                                                                                                                                          Entropy (8bit):7.995975187354872
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                          MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                          SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                          SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                          SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-A9KLH.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5627506
                                                                                                                                                                          Entropy (8bit):7.999949928735462
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                          MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                          SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                          SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                          SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-D73R9.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):125405
                                                                                                                                                                          Entropy (8bit):7.996684823256823
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                          MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                          SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                          SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                          SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-K4MEG.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53151
                                                                                                                                                                          Entropy (8bit):7.982330941208071
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                          MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                          SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                          SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                          SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....4IDATx.......y...u.}...W."..(s ........p.........Q...?ql=...'.8....E.l...Y.-ah..FP.w.......__uUwuw.r.3X.z..........jcppph........O.appp..........n ..qph..88.......pd...y...!..888.##...._..C.8....Cn82...,.8...40....!7..qph..GF.2.........C.h....q#.........!7..qph.O..../_..p......B....K...`.XF.n}........S/b.._..?.XH.2q...i.}..y....c...8..b|~:WY...8....a......o...v..!.~.+8z...P.....y......2y^....!.w..C.=..'.J]..v. ..}./o..q....M...........<$.X.<)..g.gp......'.Y.I...'.x......D.(..C...m.. .:.#....$. .LdD.E...*..a..}..eih.A.....AyR...7a..2..N##DD^....Tg...;>$..tZo.....m......3.A..p....$MM.".hF.......qpX....7..F.=.k..e".G/...G~E.........4..kA.{....yN.dH)~.s...........#.W...lD.:..W}...#...kP.&...;....n......?..d....oH.....#..'a..s..D.....<.......h...y.....D..!.^...G....4.........c .;?$..6...@.....O c.......~.u...1.7......c.|..'...?/..#;.z&....T.M4.w.."....7W....

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-LHH0S.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34091
                                                                                                                                                                          Entropy (8bit):7.93533045608607
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:ZH5cQCJvj3+2/C0clMzHBtHlRX6DVL8dT1DKSd:ZZPCJvj3rVcyzHBdls987DBd
                                                                                                                                                                          MD5:DB6C259CD7B58F2F7A3CCA0C38834D0E
                                                                                                                                                                          SHA1:046FD119FE163298324DDCD47DF62FA8ABCAE169
                                                                                                                                                                          SHA-256:494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
                                                                                                                                                                          SHA-512:A5E8BB6DC4CAE51D4EBBE5454D1B11BC511C69031DB64EFF089FB2F8F68665F4004F0F215B503F7630A56C995BBE9CF72E8744177E92447901773CC7E2D9FDBB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a.....IDATx.....$.u....g...Q.C$%b:..!A...D.D..c.$........y......}W..f?_.....Y....5...^?.G..ZZ.]..zX..AI.I...<.4I..|...t...8........}_vWfD.8.>....(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(.R.......w._..q..v.+..=.K{1..o...:...^..p..g....9.<@..k.~.3.!aZF.tPy...Uy.../=..g..<v..V....R..P..e....c.....?..g...h..!?.x.....T.......?^...|....._....'>.c..|...../.......z....<~....k.o...j..Cs...>.........y............._.e...`...~.d..q.0..a......0..=tc....&....;.%._...Q[......f.M.......e:.T....jW.}1Fl...<.O...j.(.-L..b..?X....'.{..;r.'6.db.E.}..~.....OXC.k.....`.~w^.^.w....K[.9r.1!.....;^...~.S_..i.D.~..@.v.=..f...'._..Q../Z#...R.....s.~....r....?>....v1D....[S.E.a.p\..F.4bn..t..5.rfo.(..(S.#.R...v.?s.s...v..o~..G.....o{.7...~......w..d/}.&..p.l...?4.#]............A...

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\is-VB33T.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47501
                                                                                                                                                                          Entropy (8bit):7.9807583617034075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                          MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                          SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                          SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                          SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a...."IDATx.......u&.....h..;.P(P.!..Q.b-hH..e..H.=...+y<.fc..l....7.....w.y......,z>..[..%...-J2..)...4H......^....q.NEe.......%23.....9'".<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<f..Rd....z..^.UH.Xf.=W-')M....g...=<<<<<..hA....'...^.-.....u...MWo9n:..%....mR...*...}.hLf...xxxxx.;@P.J...B.t[*.w..6.4:L.[..n~]~R..:.4n....62......1O &.J.T...;w....>s.{7]...<I..N.I...>)_.P...E.u.......!.4q.g]g...J..........(.f...0!..>)..W.:L..p}.t...TfR...%.R..>;yK.U.v...,#<...2...|....\. ..;..C.......1...(_...z.C|.....1...f.;.}......Cx<....qW8tC.r.G.\.... n......<<<<<..J...;.....|.;.... ^.X.9\......^......[NI.:,....:.SvF.Y.h...u......#GC......4!.n......P0q.k.A.(.n..i}td.PX......8.$!a...qEI................O......A.O(...@<.iL ....$.Y.f....U.p.c.:.....@...T..4.."n.M.....G:..o(mB.SO=%e..H....&...0\K.x|.p.....:.<ukHf.L..HDD.a..m....I.

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0 (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):527389
                                                                                                                                                                          Entropy (8bit):7.995975187354872
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                          MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                          SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                          SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                          SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):527389
                                                                                                                                                                          Entropy (8bit):7.995975187354872
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                          MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                          SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                          SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                          SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23918680
                                                                                                                                                                          Entropy (8bit):7.990645224140664
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:393216:PyviTGPqMd2s5jqwcJFOM75FbVgmaccebfTBRL7WIJDFX6ZeplPVGUI4uK:aaAv5jq9O657x9+IJZ22PRI4uK
                                                                                                                                                                          MD5:7DD0FAA9C00391333B2A12D21CA028BF
                                                                                                                                                                          SHA1:2987248DB6382971D36F80EA45C0EE654C672CD4
                                                                                                                                                                          SHA-256:E4B5817742A53DCCC24CD2A266223045D03DA537B815CB03B782D4E6BAED5020
                                                                                                                                                                          SHA-512:CE700D9F59800C5A440D6DAFB1844F60B793B254A2186CC3B39654C9341AC7EAAC31D4A3F97B202AD40D17AAB21D6B3F277E38179237996D617A8968DCD164C4
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.K=0.%n0.%n0.%nk.&o:.%nk.!o".%nk. o..%nb.!o .%nb.&o:.%nb. oj.%nk.$o5.%n0.$n..%n..,o<.%n...n1.%n..'o1.%nRich0.%n........................PE..d...^2.f.........."...........f................@..............................j.......m...`..................................................$..(........'d.....|2....i.XX....j.....p...p.......................(.......8...............p...."..`....................text............................... ..`.rdata..V...........................@..@.data....1...@......................@....pdata..|2.......4...6..............@..@_RDATA...............j..............@..@.rsrc....'d......(d..l..............@..@.reloc........j.......i.............@..B................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1184128
                                                                                                                                                                          Entropy (8bit):6.623147525519113
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                          MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                          SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                          SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                          SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......2..}vn..vn..vn..-../xn..-../.n..$../bn..$../on..G2r.tn..$../.n..-../on..-../wn..-../yn...../wn...../~n...../Zn..vn..=o...../{n...../hn....p.wn...../wn..Richvn..................PE..L...V..e.....................h...... .............@..................................1....@.............................................p...............................p...................@.......X...@...............0....... ....................text............................... ..`.rdata..............................@..@.data..............................@....didat...............T..............@....rsrc...p............V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1 (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):125405
                                                                                                                                                                          Entropy (8bit):7.996684823256823
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                          MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                          SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                          SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                          SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):125405
                                                                                                                                                                          Entropy (8bit):7.996684823256823
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                          MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                          SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                          SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                          SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):234936
                                                                                                                                                                          Entropy (8bit):6.580764795165994
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                          MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                          SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                          SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                          SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v jU2A..2A..2A......9A......LA......*A..`).. A..`)..'A...(..0A..`)...A..;9..3A..;9..?A..2A...A..;9..3A...(..?A...(..3A..2A..0A...(..3A..Rich2A..................PE..L....m6d.........."..........\...... ........0....@.................................V.....@........................................................Hl..p)..........p...p..........................`M..@............0......T........................text............................... ..`.rdata..`....0......................@..@.data...............................@....didat..L...........................@....rsrc...............................@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2 (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5627506
                                                                                                                                                                          Entropy (8bit):7.999949928735462
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                          MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                          SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                          SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                          SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip (copy)

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5627506
                                                                                                                                                                          Entropy (8bit):7.999949928735462
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                          MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                          SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                          SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                          SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5727368
                                                                                                                                                                          Entropy (8bit):7.987929042344586
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
                                                                                                                                                                          MD5:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                          SHA1:BBCEEF9812A3E09D8952E2FE493F156E613837B2
                                                                                                                                                                          SHA-256:5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
                                                                                                                                                                          SHA-512:BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........18..PV..PV..PV.*_...PV..PW.MPV.*_...PV.sf..PV..VP..PV.Rich.PV.........PE..L......].................f...*.......5............@.................................$.X...@..............................................(...........;W..(...........................................................................................text...{d.......f.................. ..`.rdata...............j..............@..@.data...X............~..............@....ndata...................................rsrc....(.......*..................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23891968
                                                                                                                                                                          Entropy (8bit):7.236497962515903
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:393216:NKsbm0ApvEqrGtYHviInnmC0dGpZFE6ZFERnsW4j2SDXdfD5X3vcMiWqMDi49QLu:hqr8NInmCgltTSDX59RidMm4uu
                                                                                                                                                                          MD5:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                          SHA1:2913C78BCAAA6F4EE22B0977BE72333D2077191D
                                                                                                                                                                          SHA-256:3CEC1E40E8116A35AAC6DF3DA0356864E5D14BC7687C502C7936EE9B7C1B9C58
                                                                                                                                                                          SHA-512:88D90646F047F86ADF3D9FC5C04D97649B0E01BAC3C973B2477BB0E9A02E97F56665B7EDE1800B68EDD87115AED6559412C48A79942A8C2A656DFAE519E2C36F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.<%4.Rv4.Rv4.RvG.Qw..RvG.Ww.RvG.Vw..Rvf.Qw*.Rvf.Ww..Rvf.Vw..RvG.Tw2.Rv4.Rv!.RvG.Sw..Rv4.Sv..Rv..[w.Rv..v5.Rv4..v5.Rv..Pw5.RvRich4.Rv................PE..L...Dx:b.................t.......... g............@...........................n...........@...................................Y...... d..V....................f.....pzN.T...................h{N......zN.@............................................text....s.......t.................. ..`.rdata...p.......r...x..............@..@.data.........Z..j....Y.............@....qtmetadv.... _......T].............@..P.qtmimed.....0_......Z].............@..P.rsrc....V... d..V...Hb.............@..@.reloc........f.......d.............@..B................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\zbShieldUtils.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2060288
                                                                                                                                                                          Entropy (8bit):6.6115241916592735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:ewyBp/wFOX9xRo3HVCEd2ynjsfAXBpAK0A8BFuXJFotKLCs:eRDwIN3o3UEd2ynjsoRpAK58BFuXE
                                                                                                                                                                          MD5:59D3C3A9180BA792AE2DAD18B6903CDE
                                                                                                                                                                          SHA1:C8CD105D3A0E99A54D1D16F0D1F60000FA3DCA8A
                                                                                                                                                                          SHA-256:DD01EDBD4368EF227693723C5E427A48B264CB57BBD07D81210D6E633E0B1B2E
                                                                                                                                                                          SHA-512:D6B6358E5108654931FCB3B7920DF65C4AE65D48F9EA012C3F821BB571F821E815D86FEAB85CD55A8CE767F2F7342A512E55D03EE4041AC0BAF4FF13AD238699
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./}..A...A...A...B/..A...F/..A...E/..A...D//.A...G/..A...@/..A...@...A...E/..A...B/..A...D/..A.%.H/..A.%.A/..A.%.....A.......A.%.C/..A.Rich..A.........PE..L...+o\f...........!.....f...N............................................................@.........................@..........T........A..............................p...............................@............................................text....e.......f.................. ..`.rdata..NL.......N...j..............@..@.data............Z..................@....rsrc....A.......B..................@..@.reloc...............T..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\mwa67FC.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):164864
                                                                                                                                                                          Entropy (8bit):6.201995701481623
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:q3CSE9n0WjsAGX5Gn39yf19leo13plmJXTD:qM90WoAGJqe1neceJj
                                                                                                                                                                          MD5:662DE59677AECAC08C7F75F978C399DA
                                                                                                                                                                          SHA1:1F85D6BE1FA846E4BC90F7A29540466CF3422D24
                                                                                                                                                                          SHA-256:1F5A798DDE9E1B02979767E35F120D0C669064B9460C267FB5F007C290E3DCEB
                                                                                                                                                                          SHA-512:E1186C3B3862D897D9B368DA1B2964DBA24A3A8C41DE8BB5F86C503A0717DF75A1C89651C5157252C94E2AB47CE1841183F5DDE4C3A1E5F96CB471BF20B3FDD0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>..dm..dm..dm..gl..dm..alj.dm..`l..dm..`l..dm..gl..dm..al..dm..el..dm..em..dm+.ml..dm+.dl..dm+..m..dm+.fl..dmRich..dm........PE..d.....3f.........." .................S....................................................`..........................................^......._..x...............@....................;..p............................;..8............................................text............................... ..`.rdata..............................@..@.data........p.......T..............@....pdata..@............`..............@..@_RDATA...............x..............@..@.rsrc................z..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\AccessControl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26848
                                                                                                                                                                          Entropy (8bit):6.652871453473559
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:qflzhxZBcukmxQN2NMBMLh2ES+9DlJshjJy0swiEVAM+o/8E9VF0Ny29:8lvcu7x7uB2R9pih1y06EVAMxkE
                                                                                                                                                                          MD5:39B6A146E9DAAE870A394530B5723E96
                                                                                                                                                                          SHA1:2E62DBE3A1BD65BFA245E38021F8BAEB24EA3291
                                                                                                                                                                          SHA-256:2A3C3830996953E592FDC67B1F4B4F3B4194F5CA28929E577297A72A58C84A84
                                                                                                                                                                          SHA-512:5C27896FAC5B37A0856379323EDA80F52154F1335DA86A966E62E28366D613687C193B6A8E37DF9C6285B1AD8137D9F4F01A550D02E74A5C4847310FAB482354
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9[..X5.X5.X5. ..X5.X4..X5.?1<.X5.?15.X5.?1..X5.?17.X5.Rich.X5.........PE..L...BcL^...........!......... .......*.......0......................................S.....@.........................p<......|@..P....`..............H@...(...p.......<..T............................................0...............................text...I........................... ..`.rdata.......0....... ..............@..@.data...L....P.......6..............@....rsrc........`.......8..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\CR.History.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                          MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                          SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                          SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                          SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\FF.places.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                          Entropy (8bit):0.037963276276857943
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                          MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                          SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                          SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                          SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\JsisPlugins.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2160856
                                                                                                                                                                          Entropy (8bit):6.779350356047654
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:SdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:SdpucFwL9zymTn920aBa7deJfRgbHQu1
                                                                                                                                                                          MD5:916F3D54B2714E4129A786CE128DBE0B
                                                                                                                                                                          SHA1:B2914CADC19CD87F1FA005D9216F6AD437FE73AD
                                                                                                                                                                          SHA-256:9B2FB069FAD6A9422808C1526328A1D6305573BE9EBCC3AEAB7A38664D02AC6D
                                                                                                                                                                          SHA-512:8C05F71E55D6B5F1DD797DEE852183BDBD7D7EB8D36B760C5C7413BC79D5F2C8300C41AC3DEB76F2AA497D8C86434F04F3A7DD17EA65D0E44CA5FB8E59F62416
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.............e...e...e..xf...e..x`.m.e.ka...e.kf...e.k`...e..B....e..xa...e..j`...e..xc...e..xd...e...d...e.ka...e.k`...e.ke...e.k....e.......e.kg...e.Rich..e.........PE..L....5.d...........!.........*.......s....................................... !......S!...@.........................................................H. ..(.... ......G..T....................H.......H..@............................................text............................... ..`.rdata..............................@..@.data...(...........................@....rsrc...............................@..@.reloc........ .....................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\Midex.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):129760
                                                                                                                                                                          Entropy (8bit):6.686100620416484
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:wACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazG+k:wACUTz1JlopG5K4OZgeC9
                                                                                                                                                                          MD5:18198BAE7294424D3607F776F5EF7B0F
                                                                                                                                                                          SHA1:5EBC82D4C91ED2736F98AED57EB8578F0F225C33
                                                                                                                                                                          SHA-256:6078F5FDCC332F617773AAE89AC3DB0888A0360A32BB6D9431D716471D1C480F
                                                                                                                                                                          SHA-512:507D625C0643165B12A2C0EA01765445AD632136DA0A40B14EC36B0E1794D3ECE43CE482B5E4C9281565AE3BF226C60FBA5A25C085430EC5F1D17B7563CAA4A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................\P5.....\P7....\P6........................W............r.......r.......r.;.......S.....r.......Rich....................PE..L....lL^...........!.....:...........E.......P............................... ......"-....@.........................0...D...t...<...................H....(.......... ...T...........................x...@............P..L............................text....9.......:.................. ..`.rdata...p...P...r...>..............@..@.data...t...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\StdUtils.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):200416
                                                                                                                                                                          Entropy (8bit):6.688698057656482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:sRXOjZpSOAPrzjyfvwyYUDBftoJiEqNuozAsWFFowXV8xBY90JZx4INb54UVuH7d:OOdpSOGvWjbLtBwF8TJL4IxVuH7xlh
                                                                                                                                                                          MD5:F2AAC54C495BD4566228E5CC2CBBFE97
                                                                                                                                                                          SHA1:3DBFCA2AB60C17B1A0FCF3E6B8EE7AD18173FED7
                                                                                                                                                                          SHA-256:22AE097B02F02A7C2151B113DD5756965D3857A148DF19C745D4DA2A4887B292
                                                                                                                                                                          SHA-512:FEFFFD62B4735D7AF459A771FFB73AF8AB0BE8CD08C1BA6B009D28CF9F97AD138976F628AE28600CCA0FF10B7FFFA63B94E34EF4328623A28F8088F028597BFA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........f.................................x...g,.....,.......,.................a..........,......e......e.......e...............e.......Rich....................PE..L.....l^...........!................\........0............................... ............@............................T...$.......................H....(..........0...T...................,...........@............0...............................text...8........................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\inetc.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38112
                                                                                                                                                                          Entropy (8bit):6.31022202046075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:sEE9m7Lbg4nqAYYDqAvELv5TGjgy06EqAMxkE:sEJnbpnBDBED5TjxIx
                                                                                                                                                                          MD5:5FDB8BD2FE89ED7B03F2DBE64D5F51EC
                                                                                                                                                                          SHA1:355AF194C6C003ADD61808F7D65C104C3B221AC5
                                                                                                                                                                          SHA-256:4A926AAD3FD97366E164E92CC0D37F76E6ED348757F72EDA499C3DE19671BCE3
                                                                                                                                                                          SHA-512:FA177B5710E2479C59E7E0A6047D69C09D565905105D08F983840B0E77209DB0B8DF6646FE9827997619015888B536F7CC0B1654F6AAD383B2A571C4694274E1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z.q,z.q,z.q,...,s.q,z.p,/.q,..t-x.q,..u-{.q,..q-{.q,...,{.q,..s-{.q,Richz.q,........................PE..L...B.b^...........!.....6...|.......2.......P............................................@..........................W..l...xY..d...................Hl...(......p...PW..T............................................P..p............................text....4.......6.................. ..`.rdata.......P.......:..............@..@.data....V...p.......L..............@....rsrc................Z..............@..@.reloc..p............d..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsis.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):130784
                                                                                                                                                                          Entropy (8bit):6.313676957875236
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:33Zk9fOAewM0+W8NVH28fB948igEWo8P+fidx:33qNOApM1G8fBpidWZ
                                                                                                                                                                          MD5:4A98ACC5AD0E701E3289231FDB253A5D
                                                                                                                                                                          SHA1:A8E7452658EA0777CF838FEE2ABEC806B147E832
                                                                                                                                                                          SHA-256:E9B0AF410098EFA3848CCCA171C6933C70FF06B241F3806FD3816EAB5757BEB6
                                                                                                                                                                          SHA-512:1213061966D9858467CEEA746EEE2A00CA381CC693457E347D58BEF7996DAD4F5EE7412FCC2A4E48F96256445D966141F2BCA993132FCE4402142A57114D8AB3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Q.'.?.'.?.'.?.....4.?.'.>...?...;.2.?...?.&.?.....&.?...=.&.?.Rich'.?.................PE..L...^<.e...........!......................... ............................... ............@......................... #......`6......................H....(..........."..T............................................ ...............................text............................... ..`.rdata..@%... ...&..................@..@.data........P.......8..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsisdl.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):25816
                                                                                                                                                                          Entropy (8bit):6.714415723163507
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Ej42b45gg3PClGaGU8D1sNy06EdAMxkE6:Ej42bggA6bg1yx1xW
                                                                                                                                                                          MD5:E149A8BCD017059151E37881A442ECBE
                                                                                                                                                                          SHA1:53AFEE6CC4B8098BE98B199D6B2148B0B48D247A
                                                                                                                                                                          SHA-256:2AA66C5745BBF99412C735C601B9592DCE1EF6C888D76EC0FD817D580EB0CB07
                                                                                                                                                                          SHA-512:8F8340678C78F2BA1C4D18F6A108B97F0516A32EF379735C7DAC5B23595B809DEC3FCA87551B107E33637B56107540293166729325BC6EF131C0F968278A61C2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9]..X3.X3.X3. ..X3.X2.X3.?1;.X3.?13.X3.?1..X3.?11.X3.Rich.X3.........PE..L.....b^...........!.........R.......%.......0.......................................f....@..........................0..d....2..P...................H<...(...........0..T............................................0...............................text............................... ..`.rdata.......0......."..............@..@.data....D...@.......(..............@....rsrc................4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\nsJSON.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):37600
                                                                                                                                                                          Entropy (8bit):6.707926977853279
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:K1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpqy06EHAMxkEk:K1bYPHqu7EUhL27bT8xnxw
                                                                                                                                                                          MD5:52B19EAA9500F892FD83F8012D705701
                                                                                                                                                                          SHA1:FB06D3004A4AC2C937E878A0AC3285ECE4E305FE
                                                                                                                                                                          SHA-256:081F0B9830921894DF2D8920AF6D7069C8F2298622AFC954731A58C4E2423391
                                                                                                                                                                          SHA-512:82632417A41D9F593C62B8E850E824749BABCF3480C5663767477097B27C680A72CAECBCB7C9F88061FA2C998A99FB3DAFB5A5796CAB464DF4E945FA93D267B6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>E..P...P...P.......P...Q...P...X...P...P...P.......P...R...P.Rich..P.................PE..L....6.a...........!.....H...........*.......`............................................@.........................pi..H....l..d...................Hj...(...........i..T............................................`...............................text...AF.......H.................. ..`.rdata.......`.......L..............@..@.data...$............^..............@....rsrc................`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\reboot.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26840
                                                                                                                                                                          Entropy (8bit):6.837130188655359
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:NimyF0m1ZSB69hT0JLbQjCPR28t5zKIBPUJy0swiEv9AM+o/8E9VF0NyTP2:Nil2EOPQATrRBcy06Ev9AMxkE92
                                                                                                                                                                          MD5:B951C5DE3420EA1B7FC980DE0F16A606
                                                                                                                                                                          SHA1:47729AD26FBDDEE96DD5D29E161852CEA5B94A25
                                                                                                                                                                          SHA-256:7CD1263FAE809FF7BD3F359008661314C9D35C1F6062AF9C81C3130F562BC2AE
                                                                                                                                                                          SHA-512:D3C5D890A550B884C81A5C2A2A19E25E7A6BAEA9E2C13AD5A8D5B624D21FF5865253354D1AE60F7CA1D088AC2035EB4D4585A9AF16C549AF89DC0D7FFCF2CB74
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z.0.>f^.>f^.>f^.7...7f^.>f_. f^...Z.8f^...^.?f^.....?f^...\.?f^.Rich>f^.........PE..L...c.b^...........!.....*...........4.......@............................................@..........................@..`....B..d....`..............H@...(...p.. ....@..T............................................@...............................text....(.......*.................. ..`.rdata.......@......................@..@.data...0....P.......4..............@....rsrc........`.......8..............@..@.reloc.. ....p.......<..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\remoteResponse.json

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):763
                                                                                                                                                                          Entropy (8bit):4.744347543456297
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:YiKwpqL1sjhSG2qwpHgZaJzQR4EGjBrwTSJ0GddZaExdcuevifHZAZiDQ:YiKwkHgI5QCEqBu6BdKEXe6vZciDQ
                                                                                                                                                                          MD5:6A82FFFDD047958F7D1B7F8B44CEFD4F
                                                                                                                                                                          SHA1:475432D32D08A283FE1AE6424A9AFA3E66705973
                                                                                                                                                                          SHA-256:5E408270223DA4D7BAD2C89B19060CE95BBEAFB139C32811319B9F8D1207899B
                                                                                                                                                                          SHA-512:24367B89CADE5247E197883EFAF7DC2C8E27FAF3D196C0C9EF324091FFC884A4CD85666D1DD78CFE3062982DA4CF49A8E06682CC54F1A6F0558356DD9738E7A1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"1a787c28d8444f36a9da12ce828c0736","search_provider":"yahoo.com","search_provider_google_client_id":"NULL","setting_enable_bankmode":1,"setting_force_default_win10":"1","setting_heartbeat_install":1,"setting_import_cookies":"1","setting_import_settings":"2","setting_install_background":"0","setting_launch_install":"1","setting_launch_logon":"1","setting_popular_shortcuts_v2":"0","setting_shortcut_desktop":"1","setting_shortcut_startmenu":"1","setting_shortcut_taskbar":"1","update_retries":2,"utc_date":"20241224","utc_timestamp":1735039278}

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\sciterui.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6398680
                                                                                                                                                                          Entropy (8bit):6.757721296323737
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:yTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwL9BlK5p:yTvkTLVTAudcoJheBnknfFrqNVMu
                                                                                                                                                                          MD5:269EDAF14B5B99A0869A5480DEC9D9D2
                                                                                                                                                                          SHA1:B9F8CE759CADA0874EA2181751E05899658E34BC
                                                                                                                                                                          SHA-256:9752FAB0F93CF571407A4954ED46C0D5F5B1A858BEBD551231D2D21C707BEF70
                                                                                                                                                                          SHA-512:682AE7AE6B4A03DC0EE447E35DA73EF0CFC488984047FD6551D89634382A10F18F84A84B9868484CF1586AEF35634C00F5D3CA083954954127DC59992C33E2DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..............|~..............|......Rich............PE..L...3I.e...........!.........xa...............................................a.......a...@.......................................... ..8ta.........Hza..(..............T............................................................................rdata..............................@..@.rsrc...8ta.. ...va.................@..@....3I.e........_...T...T.......3I.e........................3I.e........T...........RSDS..i....E../'.K......D:\work\d58bb94b48143cdc\Contrib\build\out\x86\MinSizeRel\sciterui.pdb..............................T....rdata..T........rdata$zzzdbg.... ..P....rsrc$01....P!...ra..rsrc$02................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\thirdparty.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):95968
                                                                                                                                                                          Entropy (8bit):6.540971049765208
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:uqNkPugFq0hRqcS+rYS0wreCmbsWmXKcdCbAKPz7VPxzxm:uqN0u8q0hRqhcelwXLyAKPz79W
                                                                                                                                                                          MD5:5D1F1A9575A20E6273D3F1553378DA7C
                                                                                                                                                                          SHA1:97E28C80F8C4DED7F91198B677A02491158F85EE
                                                                                                                                                                          SHA-256:DD9B241E2F8CDC6C9A098AF68EC462850EBBC4391ED57967B37A4CCBC0100A27
                                                                                                                                                                          SHA-512:14BD97CBD1328010E9D613EE1CEC13A9C7008F7C26739C5B054B77D6BF2A41FE8B73FD6D9438228DAE70632838AF898AF26B5A0A73A1387E8E4F5FB7A3CD8AC5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f......................................................,.......,......,.......................................Rich............PE..L....d._...........!.................g...............................................c....@......................... >..|....?......................HN...(......`....6..T...........................(7..@...............t............................text............................... ..`.rdata...g.......h..................@..@.data....2...P.......0..............@....rsrc................8..............@..@.reloc..`............<..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nse6E5D.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                          Entropy (8bit):4.727166525039482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:YWLSHkawuhTpOPWJn9wuhzVuPWJe9zwuhkPWJECwuhD7PWJGwuhzPWGk+c94GniX:YWLSHk/DOJeQVuOJe9cnOJAs7OJ7oOGn
                                                                                                                                                                          MD5:359CCE9C2DF62868BF4096E887993CB7
                                                                                                                                                                          SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                                                                                                                                                          SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                                                                                                                                                          SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsi5EBB.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18749398
                                                                                                                                                                          Entropy (8bit):5.540150296150122
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:196608:pP8TvkTLVTAudcoJheBnknfFrqNVMuEdpucFwL9z2a7deJfRc6cWljaF9IU+Js:zXBAudcoJ59rqNVMy2G6TS9I1J
                                                                                                                                                                          MD5:78904B99D2C9AC6CA1B032CDEDED3816
                                                                                                                                                                          SHA1:18E5A79B33D5A47536CFC21DE500949530B5A060
                                                                                                                                                                          SHA-256:4043AF6E29B8C64380A471B6D4F74462421925DC3501FF26C1A629B3753B091C
                                                                                                                                                                          SHA-512:0F35D1C96E672CEC9F8479F65616B061A07A52FC9333C4457CDE80EE67C133D871D38636EB7ED39931D6E6050A540767B74F957D0016220D213797EA92980BB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.vs.....,....................{....a......Cs.,....vs..............................................................i...o..{o...o..............................................................................................................................................................................x...j...............................................................................................................................G.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65388435
                                                                                                                                                                          Entropy (8bit):7.999991288604228
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:1572864:GlV0WspelqAu2ccTxIWf/Gh6QCxCm+bOGyB:wSWmecAdn/GsRB
                                                                                                                                                                          MD5:65F026A845E257238429A4867160D742
                                                                                                                                                                          SHA1:6E7A0E10575F1CEB328E1F21781A791CBEB4A467
                                                                                                                                                                          SHA-256:8E0C9B2C4D292830C4B2E85CFE045F566F07CC61181CBB4FC96CB7979B1B0B78
                                                                                                                                                                          SHA-512:B4A5F05C4BD032CC6481C8C6801F608585F47F1CF1F9DFE6CEA76F7B23C6217825DDD78EE033B03888CE776F484CD52EE4A673449D9CF68B43DD52D8131AD4D3
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....Qg.........."......0....x................@..............................y.....%=....`.................................................PG..P.......p.x..p......H2y.......y.$....F...............................@..@...........pI...............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......F..............@....pdata.......p.......H..............@..@.retplne.............L...................rsrc...p.x.......x..N..............@..@.reloc..$.....y......0y.............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):148
                                                                                                                                                                          Entropy (8bit):4.9433780612739024
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:wVXR5KBXGKFZjXOFdfXRky5sR5KBXGKF9WMcD7WtdFGWKP8XnsKEx2PnjXOov:gB5hMXOFdfmr5hdx7mdfbsKEQPnjXOy
                                                                                                                                                                          MD5:F034720C4BEE8CA3D267FD848F49AA2B
                                                                                                                                                                          SHA1:6C1EE67A8D33939F9F0B5B4269832E4497F8D923
                                                                                                                                                                          SHA-256:57E5E98CFAD40A307CC2EA43033E6D4A099ADD8F3CF925D6AB74BE4A8842A63E
                                                                                                                                                                          SHA-512:C9DCE9FEABA6EE7D1CBD4BD6EC0F2FABEE17781BE9B3E4715B9C602F52A07A71F69B5665FF857AA2B3DAA8D8EFD360C4311DB00EE64CC7CA78F777C39BD41E87
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:(N) 2024-12-24T06:21:16 - qBittorrent v4.4.2 started..(N) 2024-12-24T06:21:16 - Using config directory: C:/Users/user/AppData/Roaming/qBittorrent..

                                                                                                                                                                          C:\Users\user\AppData\Local\{5B51A23D-4C08-444A-ABD0-1FE94A31A050}

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):372
                                                                                                                                                                          Entropy (8bit):5.482499476027719
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UMxoUu9MK34QL:hYXc4xXgqmeNs3Mq8M0/dy9LIQL
                                                                                                                                                                          MD5:4D8445BE9D81A364CF37F96FC4E2B298
                                                                                                                                                                          SHA1:3620B97328218316462005C8715AA5F03B4AE233
                                                                                                                                                                          SHA-256:E63A98B802D38A5C6FA8A6BD1A6CF7612A591148C62DE73C3A4C36BF7CDB92AC
                                                                                                                                                                          SHA-512:E751608BF528CE20F58AEDD12B2D480F12F23BC574719A5FF0F5A4249F764DD702130F4FFFEFF19F41810C3D91C04A0341950313A42D598F3011B770EA4805AE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7BA3A9F08C-AD64-49DA-9996-0828C77ABD43%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.

                                                                                                                                                                          C:\Windows\Installer\5ca400.msi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Installer\5ca403.msi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Installer\MSIA5B6.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1629
                                                                                                                                                                          Entropy (8bit):5.660902135308778
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:BEV9KJnuEyYGoYD8SFoeUllnlV9aXuqguEVltWJcXhV9oRXVM:BpGyw2eIHMEPgFk
                                                                                                                                                                          MD5:FC5D646F852E11E0B7E05D1D873B428F
                                                                                                                                                                          SHA1:CC4C0ADA5E88041084C1DFCD7FFA942606E24B87
                                                                                                                                                                          SHA-256:711B207128B5A9B4C114CE87FB61D9CBEF8DDEB182A83FA0722F3AAA988306E8
                                                                                                                                                                          SHA-512:C3663B0B72E86C3A2660F0D47C4A4E071B906336F9F1E68FD5BEE3E3261E420852865905218891F8F36B4B426212A6E34304E025BEDC86D7F5CDD4D80EA41E46
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{717B7059-A988-492F-AF1B-DCF70BE809AB}-.02:\SOFTWARE\Norton\Browser\Update\MsiStubRun.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......SOFTWARE\Norton\Browser\Update...@....%...MsiStubRun..#0....RegisterProduct..Registering product..[1]......Please insert the disk: ..required.cab.@.....@......C:\Windows\Installer\5ca400.msi.........@....H...C:\Windows\Installer\5ca400.msi&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..&.{95

                                                                                                                                                                          C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):1.171274311095006
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:JSbX72FjOAGiLIlHVRpIh/7777777777777777777777777vDHFiqjBER9JTrl0G:JcQI5w0OB49YF
                                                                                                                                                                          MD5:ED54D4C84967637FDA273AFBA5E831D4
                                                                                                                                                                          SHA1:9E722F2172389C6957E62BBE08A20E69C30895B9
                                                                                                                                                                          SHA-256:BAE3D9899DF39E13CBE48C2C7C8AF2C7B2A4FF1D9339DCDC9D9A470B7A296AE2
                                                                                                                                                                          SHA-512:4BF84B29F90CB5F85A359461D3485C7B700E922377BA8F72083EA6C8CC57C6C718556175245E9BD6EF2FEFB21608EFFE408D891FB4582650E96F13D51AC35B4F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):1.4521045568809214
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:O8PhNuRc06WX4UjT51daZS7qdZiCSIN8lgk:BhN1kjTkZ5/k
                                                                                                                                                                          MD5:09BD89FDF6D18C2FB6811EA988CC8699
                                                                                                                                                                          SHA1:DE6EC588C094DED52AB8B6D9161BFC99FBBF9B85
                                                                                                                                                                          SHA-256:5BA240CCB268A8E4B116D18C04F77CA049053A1498F8E0F93877D88AD8E78976
                                                                                                                                                                          SHA-512:EB33D2F33C9F044B182F4726F0212828AA75173EFBE16E6B36569EC8A7FAE4D94855E4D0041F1C76BC68123FC21ED73D7CB9C9E3E47C77F6F9981B283CF6C843
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):432221
                                                                                                                                                                          Entropy (8bit):5.375179026128367
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauu:zTtbmkExhMJCIpErn
                                                                                                                                                                          MD5:1DCBEBB372E80125BD7AA7C2F0315A7D
                                                                                                                                                                          SHA1:E93A7D158EED02BB343C845DACE4FE06BB5E4E60
                                                                                                                                                                          SHA-256:62F604105DFCC9801475E791D87C1E29C91EB2DB4C89F4F30B4FFA9584A1B39D
                                                                                                                                                                          SHA-512:44CD78DF784D9A6680E90E4F0CB944BEDF33D85022982C4C3DB4AF8D831302DF2274FA8A3C04AD06594D405511A73E4D535D658231BD00A3C3CC2EF35BD66F9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                          C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                          C:\Windows\System32\icarus_rvrt.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53048
                                                                                                                                                                          Entropy (8bit):6.729924975001718
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                          MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                          SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                          SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                          SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\bug_report.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5944648
                                                                                                                                                                          Entropy (8bit):6.511430665598052
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                          MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                          SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                          SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                          SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\config.def

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):579
                                                                                                                                                                          Entropy (8bit):5.420426163811309
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfzZMVxYnuiqdQulUUyrZaLk:rVAJI+dspq4NUksYr1uALqVxYnuVmUyT
                                                                                                                                                                          MD5:173270F3089BF6034FC92088D6DCF89C
                                                                                                                                                                          SHA1:AC76FCB0656F834B3885B904D7D56E03C540D19B
                                                                                                                                                                          SHA-256:26CB6BEF15DFD9BE0ADA61AF5F78F3C9AF378E0DFCBA7AC82A9687268F59C2DD
                                                                                                                                                                          SHA-512:A0D1A171DB7F230F68C9AE9FB4FFACD65C5FCACBFDE717497D06AAF8722CD19ACD395A34DE6B106766EE8AB259E9E38926E98CBC4B6AABE5A96944535D729FAF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[Signature]..Signature=ASWSig2A588B6BC0DE03C9E59882D00BDADE9E83F2814DB13B70BA18D1DDEB88B7E6B157468EC649853ABD1CB908465E40D29BA47D917D25A4AFDB2DA4ED2513FCFD5ABFASWSig2A

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\dump_process.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3531080
                                                                                                                                                                          Entropy (8bit):6.522879430230983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                          MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                          SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                          SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                          SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8425288
                                                                                                                                                                          Entropy (8bit):6.449288731687494
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                          MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                          SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                          SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):891720
                                                                                                                                                                          Entropy (8bit):6.585338360673374
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:Doke10t8BAFF101+6zAdrZ6WhyBsrTDu+iGVTCCz/Yph0lhSMXlit+oc3q8+a/7:0TZU1A+6zCHC0bzmh0lhSMXldx3N/7
                                                                                                                                                                          MD5:A3E668864285E04A02573E622C124942
                                                                                                                                                                          SHA1:81498BDE4114F03F9AA5F6CA6097F9616689341C
                                                                                                                                                                          SHA-256:689C118B8824D399F4A54875C30CD47AFAE467D96E571CF0DA47B775DA21231A
                                                                                                                                                                          SHA-512:2DC8124D1F360B4B5708AA72203EBC6786E6A9CC34C8006895ECBB43E457ABEC5CF5967CD62D9D50E6406BFAB44DE699E968DF5178D82FDE98B75B399EB3AFC0
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........h..........|{....|{.x....:......................|{.....|.....q....e|.....qT.....|....e|....m|..........e|....|{.....|{.....................8......P.........Rich...........PE..d....BHg.........." ...&............................................................wd....`A................................................0................p...k..Hp...+.....................................(.......@............ ...............................text............................... ..`.rdata..j.... ......................@..@.data...........J..................@....pdata...k...p...l..................@..@_RDATA...............X..............@..@.rsrc................Z..............@..@.reloc...............`..............@..B........................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dll.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 891720
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):330898
                                                                                                                                                                          Entropy (8bit):7.999463671306361
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:2Q4TuG9pskki5VyWURdHTW0NLFcUQMsnH41fWafmyYAywiWPt8VAi7h:2FXsiQRdz3NLPQMLsY6wi/VB7h
                                                                                                                                                                          MD5:A93333D33435FC21F66C0EA7D0922EFF
                                                                                                                                                                          SHA1:D3EC2C8028194993EF842A43ADDE39F56384AD93
                                                                                                                                                                          SHA-256:AEE57B1F33AB198785BF833B178A13279A33FF13F49E6F9B7FC1A87E979ABEB7
                                                                                                                                                                          SHA-512:1813E2B7FA9C11DD0F7474F891BD72A50E3703D9D313B71C779D68D39E227C6E7A2CC34D98629540956729A7D196D6ADC0C7D496A9BA4E7D954CB93B2D6E40D9
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H........&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f..2e...l{..1.*.cH...1...:.E.................3.)..!<.s(u..y.u....](+.q*?F......A....fJ.pWUnd.*....N##.X.:...1-Tr......K...0.w.....E..w.N..,.....7gv....]...T..2.=..........u...b.9.<H.0...9f...v.v1.S1..c.+X......<.qp..4`.o...uA...%*N....*..%5Gs.....?].U...).[....W.,r..d....@.Ar.....k.t..7.J.Z*.x......].....M.O.IW.7+....V.......`5..cNS..t(.B.y.a..0..x...s..x..<'...P*.n{K]t...qtBVYA..lh.Qp>..J.B.N.r..."...<.w1.&.Of...f...*7|..-[S:.'T.......*.Yd.%4...P|3..U(.D..qS.KS.....W.Mf..Y.(..S....\.lp..C...]d...;. ..*..b.5..>X...v.b....P.d.OD.........(.M.c.d.Z..y...<.U...T.0...c."j(.3b.X23.H_[OoRM...v.Oo.a..e.........J.......]..is. ...G...Q..........t.Ze].......P,...hw(E....ZXO.og.8...s.Qx.R...,.......:.....&;.....q......l..........Xl...r=.L....>...y...Q..i'.m.5..G....7...uy.q[..\[.-.|.s.....d..K.N..E8...3>_..q9....bKy...N.r..8.|...[..U.....Jm..?.......u.j(

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53048
                                                                                                                                                                          Entropy (8bit):6.729924975001718
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                          MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                          SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                          SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                          SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exe.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27149
                                                                                                                                                                          Entropy (8bit):7.993255690221499
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                          MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                          SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                          SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                          SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.8........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....J..."..+$......%X..v..mq.(..q.X..Zk*fO L...|..W.......T.....6o.M&2.....}...WN..+..+...^.....1.Is.......j..k.... ..Q.d.....H.+.X.t...5.........+.m.....X....t...e.m3.9.......&..Y.g..K.....;....WJ....]f.M..R$...i.....t&..^.2B.m...]#......Vw........g.H.........I)'...X..h.....^.6....._.d...W.....z.....f....f@.....d....6..w._W ./......O'.`..TO.g9.YE..3.....:G.@v...t...u.L.z...`F.@.R.....$..?.~2.P.......F....D..*de...yP.=...;..n....D..(...\x.-+.u......%L..W;.2s....U>R.....^;..X...#={.m.b.A.%I........(...|....9lT%O.a~V....P.#-g.$.a.7..!.!_,i.g;.........S.....H........-u..........&.Kw..............6..veJ..5Y,8....%.b=..qE...p#(S...>|...\+.^.}_..#..r.[v.Ln/.!.r....e.3..]4.xm..u..vW.W....n0+.2.A......T.x:?..-.@..h.fiG...Dk..zjGL;4....yu.xZ...."]...4.x..}.K..],..\PR[b...r.&mJ..8..:...&F...I.H.......S..Z...PzikY.}P.p...0V...a.....ws...}.p.>cc..A._.x[G{j;.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\product-def.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61140
                                                                                                                                                                          Entropy (8bit):5.187838690583181
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:vOt4htupPgPSOKOlIZcqw4sZsTIuzTgo16euNJoz4kyCD6gI1JhJl7gPcT8XBS1M:OnOTERR2y
                                                                                                                                                                          MD5:F1D7EE8246D37BA9CEEA6B583EFDBEA7
                                                                                                                                                                          SHA1:502C10DBD72BDD74951216C3088F48804E2C5DD0
                                                                                                                                                                          SHA-256:22482925246CCDAF3307A22ED9C6C868C0465AEB5CA34EFDF8216B0C0BA12689
                                                                                                                                                                          SHA-512:A8B8DF664BC448812F403BF9558495BA0758225D1DDE7D8F7F14164EBCA00D43A0CAF8AEE8C156AC3E8053AE35A0C30CD51CE562C528BF3DA58F7762F579E1B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\product-def.xml.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 61140
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13438
                                                                                                                                                                          Entropy (8bit):7.98795673823763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:3CXwGzdYGagvKMXRBigCyhW4zDs4DomARveSXQlPy2Ep1Dk:3CDJvagSGRBigzW4ELmAJVuuDk
                                                                                                                                                                          MD5:2BFFBFBEF4263C57E95AE71522822257
                                                                                                                                                                          SHA1:A3F4C2B0AC1B6A2D655C9BDD50DC181C51B26D9B
                                                                                                                                                                          SHA-256:062EBB12D4042915B22A9556C9F47E6AAC086533028B37254C1ABA2C6E96A5D0
                                                                                                                                                                          SHA-512:2F68490086C1AE2511F02BB29C3610E1CF5EB2990C8A143710D5C89A6249AB70CFE6FFCA93D9090E2EC09FBF55954695A56BB52E24BCD9E885CC30B727555A24
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:]..@................f......{3....&.7d..>$....`K...H......8..:_..~...\......>./........%..H.......o...Y....9-.f.P!....p...tC.k.....[...j...7^..1......N8...2....`..D.X.....h.TXhJk]......k...*3...J_..@[...URa.nK'.9W.a..Z.3k/.1e..gF6?.t...~.3e.=........BD....v...G7=..C.zM[B9d^..A...!....3BN3.(`..5T.....ZY&#AM.JA.......lnm.L.`x.......b@.`!...:...ZV.M~.P.%,.p.....Y..X2.oa.\.....}^....>.....7.{R=...3m>......I40Bua......[.q..Fn3j1....V6Wr..i9=P.(.8.......).\r..H..E..]?..&.mu...%x/..T......0..h`.E.h.228.....Y.4..9...vb.Gi.....f..SZ....w.k....E.....i.+.4...B....6......j......#.B..........[@..E......AP.yQ..%..V.YTN..Ue...?y.........z.7..ttP.B...%.O.._....].d...5&.1.Z./.]..Jg^V..S[d@1..~.R}.Y..}|Z...>..N.%.....A..J.#.....5.......u:8...IA.....q[!...!.o....Q''Imd.$.;]f..l.%......Z?.N.~T....c....q(....#...1Z.".....H.'n..w=6h.`.C.P.8h,.3%. ..-..+.....dW.U......K~..dg...\5&..........KI.s..v.~.u......l.......J..b......0.....Kw.6...M.....&....}.?.r.Ok...D

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\product-info.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5931
                                                                                                                                                                          Entropy (8bit):5.102330608267092
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:aVAkbva8i//A40x+mZXUz3rm62Gd/3sXnqQn12kVdeUPV8GK+k/Yo3M:a6Ova8i//p4+mZXUzbmxGd/cXnqEokVd
                                                                                                                                                                          MD5:9238E0C90DCC5A9479FAE20F265A0856
                                                                                                                                                                          SHA1:90629DFD4BB9633C4502F5952FFDB86F093A6E79
                                                                                                                                                                          SHA-256:D0001D9442E49F860B42400EED3030FA54CC8CBF9FD9336F79DAE6851EA8C05B
                                                                                                                                                                          SHA-512:B6BCD9D455DB1DA65A578BAC147AF81FC49C62408F01CC23AD7D26C0C215B001B4C117213392274376946D8CC73C083BD6D37D02E9C2D7CA2D065243D3EFB3FC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>24.12.2402.8785</version>..<build-time>1735036369</build-time>..<inner-version>24122402</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1735036304</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1735036304</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<o

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2463560
                                                                                                                                                                          Entropy (8bit):6.7877829379438115
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:Yms+K+wDPbHIC9gAvAfAAEV1rnFTZT0krlGW+q:Yh+FUjHICaAo7ELxTZT0krgq
                                                                                                                                                                          MD5:6FA67E53082AADD57DC5FF9663B427E7
                                                                                                                                                                          SHA1:0D4C9335BB7A04EF61CECDCA24612135D116C0C7
                                                                                                                                                                          SHA-256:0927BFA8AA5A89A5B58DD7E3D70B795C4005BD9F6B550659CD6F8B0D2A751E7F
                                                                                                                                                                          SHA-512:66E4D4D26FA47EF1A84BF3EE6BCFB0B59C4CEF62A3242573694182C79DA980DE412BC3E46AAB7B1B526C307563E485A85069DAE380992A34751B95C51FFD4060
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.............E...E...EY..D...EY..DZ..E...E...E...D...E...D..E...D...EY..D...E..~E...E...D...E...E...E...D...E@..D,..EY..D...E...EZ..E...D...E...D...E...E...E..zE...E...D...ERich...E................PE..L...zBHg...............&.z........................@...........................%.......&...@.........................@.......(........`.............Hl%..+....%.$....,.......................-......8,..@............................................text....y.......z.................. ..`.rdata...Q.......R...~..............@..@.data...<n.......H..................@....rsrc.......`......................@..@.reloc..$.....%.......$.............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exe.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2463560
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):931125
                                                                                                                                                                          Entropy (8bit):7.999802194058071
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:ENPdHsNVNYqE54xEA95k9Rx5EJf7JDK2W5RuIaMH1:EDmYqE54SAzk9RPEt7Jw5vDH1
                                                                                                                                                                          MD5:1D5C7B36DBE8113B8B832B3A2D9E4669
                                                                                                                                                                          SHA1:EC950585DAD815A430C30F7B9F127F1DE3DC0666
                                                                                                                                                                          SHA-256:9E6192794963B565E5B0744307F77C5BD0ED912C695653A46982E4DD366BCCAB
                                                                                                                                                                          SHA-512:CDE64F9864A9FBCEFFA60BB8FAE3B05441ABDCAD28C89AAAE6232DADA802F90C5C422A4A2B040478D44B152B864AD67D0DAB4FC34C465D881820BEB0C7BA81D6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H.%......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N.........^.....~.0...Y.3xH.$.%.sH......q(.F..#.Vu@......j..*m.";..^.N.>....I......p.....n.|....C..A.`4.c.w..`..|...K.D.@N..mv..,..T...b../..!.2.=...S)B^*b_T....G.W..{...&..";VP..D....#a5....s...C..C..9.@.q.0....cB..........0F..* |2\.9x..YFM=]s.qk...b.aezx..S.\.pe...k.|.........Tb.N.......c.n.Hu1..Q...G.............1........\t_.'#..s...WJ9Tqx...x?`.$W.^........7.2...s$..S.Q..v...7..V.8..,~..*gB..kcL..d..S."|B..\l.s.....O...'S0.hC....`../..5...W...ha.......w......,...T..b?....XQ..6.T,.........~.~.U.g..`.2W......9.n4....6.[b.......|.....Gn..|.Y.z5.d./...&..E..m.]W..KU40...c ..u...A...z..DL..H..+..^.:...$.s.\....Y.N..+.%*.].......b.'Y_.;9o...&..t...G}....m.....5W-........X.....I'...yJDB.....E..C1.V.5.....-<..q..\...+..{...j..3........U.~..."..u.@....0.....K.u........[..i*Ur...7F...W...8.00R=..{..#C.6XM#....(....2x.X....w...8+..[H.K3i.\.#....R..{R...+...

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5944648
                                                                                                                                                                          Entropy (8bit):6.511430665598052
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                          MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                          SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                          SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                          SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\config.def

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):760
                                                                                                                                                                          Entropy (8bit):5.392444363663049
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfOOXy9G9QV6UaAAOheMjisU2T5:rVAJI+dspq4NUksYr1uAWOC933jI5rk
                                                                                                                                                                          MD5:77F4B8E808586AC5EFD0F74F07C41713
                                                                                                                                                                          SHA1:3ABFBE5681BBD4A687C193A120BB3DEA10B16A80
                                                                                                                                                                          SHA-256:C6B0BDA024F7CFBB32151632D7A06A7411CE19275D847266E1853B05A5AD6A20
                                                                                                                                                                          SHA-512:FCD8D79F1F895191111AF891296F306FD76B6E1810546E911165A14CEDB3F0F65A75F6304F5B71CF8E1BCB9BF626EC8FD62C61D1D261FE3B9C2B6B6EF8E8CB2F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=0.0..stable_prefix=default..updatable=1..[offer.browser.asb]..decision_type=1..download_url=https://cdn-av-download.avgbrowser.com/avg_secure_browser_setup.exe..enable=1..priority=1..ui.offer=welcome..[Signature]..Signature=ASWSig2A68832743267EF1C24CD05C7E865EF0E8E83F109FD997312CB62ECC07F3D306231B7596ED813A6E4C6527036271FF50FEEA673EE7546099D224CDC9B99A3B11E9ASWSig2A

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\config.def.edat

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21873
                                                                                                                                                                          Entropy (8bit):5.690464339074782
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                          MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                          SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                          SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                          SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3531080
                                                                                                                                                                          Entropy (8bit):6.522879430230983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                          MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                          SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                          SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                          SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\edition.edat

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Jn:J
                                                                                                                                                                          MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                          SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                          SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                          SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:15

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8425288
                                                                                                                                                                          Entropy (8bit):6.449288731687494
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                          MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                          SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                          SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7074632
                                                                                                                                                                          Entropy (8bit):6.486902090088866
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:+zdxWpixBidNhPpfUwr593W+QZMSF78Oaxz4yG6JyZf:+zdxWpixBiDht93W+QZMSF78OYz4pZf
                                                                                                                                                                          MD5:D86C3547360DB15C094E32FAAB54AE3A
                                                                                                                                                                          SHA1:E197C16BE3F3AB8B2C9C5C4621984F2F9B28BA0C
                                                                                                                                                                          SHA-256:9BBDC59F38BFA64EF3305AC3B0B8B2D89522DCD4F59363A5324A4089730157E8
                                                                                                                                                                          SHA-512:03FD7FE09F13C052A289847CA4F9F2EF78AEAF03E431DABA617E7E4CBC5FA6813F96D19CA007196A961B3C5C822BF63C6D398C3B72A192F412345726F156071B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W..:...i...i...i...h...i..zi...i...h...i...ha..i...h...i...h...i...i...iE..h...iE..h...i...h...i...h?..i...h...iX..h...iX..h...i...h...i...h...i...h0..i...i.}.i...h...i...h...i...i...i...h4..iy..hG}.iy..h...iy.xi...i...i...iy..h...iRich...i........................PE..d....BHg.........." ...&.4H..l$......%.......................................l.....Oml...`A.........................................._......._......@l.......h..M..H.k..+...Pl.....0.U.......................U.(....U.@............PH. ............................text....2H......4H................. ..`.rdata.......PH......8H.............@..@.data....w...P_......4_.............@....pdata...M....h..N....g.............@..@.sdata....... l.......k.............@..._RDATA.......0l......"k.............@..@.rsrc........@l......$k.............@..@.reloc.......Pl......*k.............@..B........................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dll.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 7074632
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2087067
                                                                                                                                                                          Entropy (8bit):7.99990334673335
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:/yf+BFH+dEXmVEL20MtW17aRT761Cv1zyOnIzzAkIqbu:/2+3HyEXmT0MteiW1CtWzUfiu
                                                                                                                                                                          MD5:F22487BDE9ED1A7EDB44AC7BE68AC791
                                                                                                                                                                          SHA1:FC8CD1F1769425149D36A93F3761F1454C9D2BE1
                                                                                                                                                                          SHA-256:EB59F36A27FF71FD3BC7E59AFDB09A07C08616280927A408F01DBAF0F4AE5974
                                                                                                                                                                          SHA-512:C8B4E9721C0E370A367E4AC236A9BC6FEF17289ADE0D731D1544B2E47CA32860C7362C8715FEC8723960563CB7F023B8ECF2064A26804EAA923E99EAAD0CC6E9
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H.k......&..p.........../D.|...D9...B..y.i...-......;OB.....`......>...s_9.Lz.I..W..?.K<..............>.....W.Q..."..2.7._.$e.K.....c.K.^."...._@.Qh.l.=...h....Y....j.E1..|.q_.D...*..U.....z..-K*.?........1...a.2A.u)....q.9.........o.+.09.81Oy...zk..m5../.?Mj,D,.d..2.......^...X.0.y...,....bi.N..4V'.!.b.Rt...f.h.>.XF.-..2}......L...^...P......{...#9R.<.pl....!..o,. :.u.o.p=.y.."<.D9'...D....+.W... ..M2......O..T.._.-.1."..-?.xCm..2*lx3f&..^.]Xh..D.G>..=/[.._.5.Gf....U....,~I....8<:.\.f.=w.c.q.0.*.7F.._...bWt..v..gP.$\.6.a.e:....#.%@1..e..c.<.0..5.,.k6.<.L..P...=V.W.-.@.|m.......Q./"..\.t......JZ.......d..........+.Vdk.$...L...X...n...w..B.._VF..M. 5%..u........C..i......G.p..,..w..;Z.<.........../W.X..I.\U......@O....#A.E..),.w.R..Qv4<.e....>..)Y.:.a.R.C...-J1..)H...M..S.@t...p.5.?..._....&.....nN...O.B.H.t.....t.p..B...i....8...hz ^i.....;.+...m...W...`.jZt(........ .@j=.!Y...8.ZwC$.g...`....%.R`5E..........7..z..S4..uws/...~.e.n

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53048
                                                                                                                                                                          Entropy (8bit):6.729924975001718
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                          MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                          SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                          SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                          SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exe.lzma

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27149
                                                                                                                                                                          Entropy (8bit):7.993255690221499
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                          MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                          SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                          SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                          SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.8........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....J..."..+$......%X..v..mq.(..q.X..Zk*fO L...|..W.......T.....6o.M&2.....}...WN..+..+...^.....1.Is.......j..k.... ..Q.d.....H.+.X.t...5.........+.m.....X....t...e.m3.9.......&..Y.g..K.....;....WJ....]f.M..R$...i.....t&..^.2B.m...]#......Vw........g.H.........I)'...X..h.....^.6....._.d...W.....z.....f....f@.....d....6..w._W ./......O'.`..TO.g9.YE..3.....:G.@v...t...u.L.z...`F.@.R.....$..?.~2.P.......F....D..*de...yP.=...;..n....D..(...\x.-+.u......%L..W;.2s....U>R.....^;..X...#={.m.b.A.%I........(...|....9lT%O.a~V....P.#-g.$.a.7..!.!_,i.g;.........S.....H........-u..........&.Kw..............6..veJ..5Y,8....%.b=..qE...p#(S...>|...\+.^.}_..#..r.[v.Ln/.!.r....e.3..]4.xm..u..vW.W....n0+.2.A......T.x:?..-.@..h.fiG...Dk..zjGL;4....yu.xZ...."]...4.x..}.K..],..\PR[b...r.&mJ..8..:...&F...I.H.......S..Z...PzikY.}P.p...0V...a.....ws...}.p.>cc..A._.x[G{j;.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_ui.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12384584
                                                                                                                                                                          Entropy (8bit):6.57357572805349
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                          MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                          SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                          SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                          SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........7R..V<..V<..V<.^$?..V<.^$9.TV<......V<...8..V<...9..V<...?..V<.^$8..V<..)8.pV<..)9.aV<......V<.O#8..V<..V<..V<..#9..V<.G#?..V<.G#8..V<.^$=..V<..V=.(U<...5..W<...<..V<......V<..V...V<...>..V<.Rich.V<.........................PE..d....BHg.........."....&.~....a.....P..........@.....................................9....`..................................................................@...H...+... ......@...........................(.......@............................................text....}.......~.................. ..`.rdata...{%......|%.................@..@.data.....4.........................@....pdata..@........ .................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\product-def.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1328262
                                                                                                                                                                          Entropy (8bit):5.392938987790726
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                          MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                          SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                          SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                          SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\product-info.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9546
                                                                                                                                                                          Entropy (8bit):5.274796830995219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                          MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                          SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                          SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                          SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\setupui.cont

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):388896
                                                                                                                                                                          Entropy (8bit):7.999454561919189
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                          MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                          SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                          SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                          SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:.7zXZ...i".6..!.....F.;...2..].0...?..Lm.K%. .6.X.....L.@#........EG.K._<.g...._...m.D.d...S:4.4J..k...._.B.x...e..E.nT..a...d)$.#...A.....U...i.R.....t..R....D2/!.Y5.......X..yD...*9}I.LN......./5.\Rm....hl~_.n..O.....>....-.~..0..4JO..!.........(.t.O"..D1.u,.>;.FW.^.o......W.n.....b...."...4....M.....k...H.......b...1...&4..<wO....*.j.:...M..i.$.../..U...eN.(.J..H5+.o.g.l0..n....s0...m...T...>..}woH.Y.P.........{l..s.."4.I..rg..\....8.W+H.xur..)M1.Lk.y.g..lT.N...."....\wX.5........2./.=.9..l...PI.o.h..GpTO.4.|":.........6c......X..{?.....Od.r7...Z.1KQx2.....!.C."Y..p+.(..d..<x[.1......<.6.\..c....V......0iQ..b-..i..{........[d.u1k........)...U......U.'?[P/=.3F..........)*g._..N...{.,f..c...n.-...x2.F`>+$ea.....s0..}..d|`......@.h.......i..tt..h*I"C....B.~....o..jc.>KP.QdqYK..@=.....cr..{.1....X.........[S.q.. ..`...l2.%".D.\-..xm......+.Hk.....N..S.G....p*.u~...Ph.?....|.Z ............_...........).....>.u...wRV..?._.....y.!VS.;|.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\0fe58d1c-de4b-4979-a36c-9383b4628fb8

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 5944648
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1827555
                                                                                                                                                                          Entropy (8bit):7.999904141247566
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:ODI7vzOJ4LkpEKNUBibEk9BxxQAUrV2Dvxr:ODIT/KEqzVpDvxr
                                                                                                                                                                          MD5:84952697EEF607B32BC64CFBFFADC30E
                                                                                                                                                                          SHA1:285F44353ADBF679AE88C63C9191976E05FA4320
                                                                                                                                                                          SHA-256:B2821850BA09E884C2B058094EDF84EE7D72C2988CD575AA2D986CBEFA6579F9
                                                                                                                                                                          SHA-512:57BD96CAB4844346B0E05ED3AC4CEE291C814D41AA4A1B86B05CFAC3CAA5501476871E49425363C633BCABDBF635A3072304FF9B9BEAC73EA3628BDEEFC9FBF9
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H.Z......&..p.........../D.|....o.e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg....>..:o.u...F.d.h...Q..DL...^Mv.m..I.....R..h5.A.....M...i&-u..-...G.k.P.~..D,..\.*U'.)]T..A..Cn..gx....kXem.A;..F.ph.0....)....T.O.1.k.:w1.@.g..^...../.(.N.V.."/.....5.....j...>fq..bFG.+.y...a.v... .Z@.Au.|.H..%.......}..2...i....M....r........TbzT.R....."1.*....\A....X.<....+..X...<]8.y...b.P3x.q&.N...ze.a4$.Zpk.z...'C."..P.$h.....m.=L.3...\.|{..X.EX..f.....M....~q.C3.VN..+...N..|.....U..}<.$a.!j..>.../...9 .F..i. .Z/7_..<......q.o...p..j38.\p....4.B..)J..D.....N:...X.&+....-/.P..Q2...7 .e.H.....&..Ys.(i.j.S.4k......J....!..../.kY.....!..@.[.tV._.....5...W/.[....`FY5'U....L..|.R.F_.K.....mz9....G...#".o.-..L;.5...l6f.1...._.~.U..u.m!x._.N Ep.p........T.:..0Q.u.o.B.g.m.Q....T.P.d.k..V.Y.`d..9.6;{3{.U.hOvk.^D....\....]K+......w.|..{.._!...r..+...q.d..D.%..<YD.*.....K...!"oS.p.....o..i..&...-v.Rw.om.<.134.D..;cCvJ%?..o....?..gj\......B..r.;......M..;`.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\2818f0bb-a151-4148-beda-cdffb402d60a

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 3531080
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1024725
                                                                                                                                                                          Entropy (8bit):7.999821315855513
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:64ZDqa6E/JvqxKImmDBN+HAZLfT7O2iZvHF04PwUjsptlB:645N/QTN+X3ZK4Pw1Hb
                                                                                                                                                                          MD5:B30B0361A61E22319E031BE300E0A058
                                                                                                                                                                          SHA1:825B4E782C05019352F9C54AFF6855503D4732CD
                                                                                                                                                                          SHA-256:B585CF3A5B8F95A32268E7CCA1CD7F5A743A1EC6A715D6151CA5DC3693F002A2
                                                                                                                                                                          SHA-512:C70EBFDBE505422CE5AD4D47971C80A9E8CC908D22B2BC7F15A55CDD5CD276E2DBA8FACE0C710DF31CB6B406BE13692FF24F8201A967723B3326A94667DA6FD0
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@.H.5......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV....\....N..ZH$n.X.......<....|.N&..I@z...XrT..0O.j;...Q../b..-..g..F.......|.1A.\;.x...-....'`.y.\.9...hG.|...<.i..>.z...3`tP....x.9.:'.O6..0+.S ....zhs..C2O.X;D...>.GY.....4..M....IO....N.z`2.^...T..s.O."...0d.`.d.n............c..X...lkz.5'3..'[E....,m.kVt.Gx.L.pM.P4.].+ d.0... .d...F.@.f..&.H.l.v.I..D...i|._"..........RB....8.......X.v>.......d......>.=..'.W..)....v.Ut2. ...{....|k&.k....g'QV....|...6..k.N..6\....|.G.5.....v9.u.....(...X..[.-....0..4...:QrF.....RR...lhjW..n..c0q..9.....=]'~....N;c[.7*.=E...(.....wx.X8M..Z.b..n.?.....ECx2.8.d......?....GO..........qS.T...q..}...XN.m..,~...*....s..q..H.^..1i....*....{.o.....!W_d{.N.......J6.Vg...i.....................i0.....R.......#..o~.....8nW.......F..rn._.U........V=....Su..j.yk7.^._..C..........EDg.:sl)......L\.J...S.*u06`.}.BW..... ..<..T#6.*...-v~..q....!..7.....X.x.C.V.~g..o.A..#...}.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\30b2e7f6-7445-4912-981e-11149687fecc

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 8425288
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2532654
                                                                                                                                                                          Entropy (8bit):7.99992603160213
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:49152:/WjjaTN6PDXOHqdjB0i8qpmWqeiYdYvSWatmEzB1h796GBXjc:esyaHWjei8qiYO2IEt7kGdc
                                                                                                                                                                          MD5:4F97115E493AFF57C86AE0343D4706EC
                                                                                                                                                                          SHA1:15CE45B25B64B3958BE2C9ADCCA5A91D25A554C7
                                                                                                                                                                          SHA-256:A184C4878F3D33C3B9ACF78931A846C5D45430E245639008803AF803DB02AF6A
                                                                                                                                                                          SHA-512:F5C87720A5341EE9C53E8E6E894A4AFFE8244B663367107CCBFA0E9B48356BD12C775E0D11F06C1A2000FDC8A7523B95295760360CACD21E528E1C18C70D9BDD
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]....H........&..p.........../D.|...C..I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f}{..5.;.@..[.t.......S...z~X...T....l...7..x.].../.o9SM9.(.0...o....}fX's.....G...\|:...c....3_.....H...d.z..Ki...2.XJ8y.y.40.._..,..F.."....X......T......!.0..5.%p.`@.J...e!.`..K".....^......h..[.).N.#.8.M..C...v..,..MI&C..T.R...1c..&n8.....6....e...?.Sh.?..|!&j..........=.k..\..?..p.`..[...]..!@.....7.q..N..F..S...Z...U...)....o.."J.7..K..:Y....cqO.'.9I.../v.....[..?i.....W#.{.a..".tjf.<......./....99\RP...........{.p.~....F......".]...W.$..=e.mU.k...%.T.'...X.....G..E........9.I.S...'`\.a..7...G.5}T.....UET..0...|....?..f....S...I4..L6Z..l.B.z.1@.....H..k~.=I.s.5....k.....e.3.V...]...0...cC.-_...j......E...~...|.......O.nM.y.H.')...L..P.........=A{H.?..LC.l..f.,;..PKS.t....a...u.QH!.Z8.{...@^e..[..?%i.a.=.i....eJm...y....]..a..>X...p.m.)..;.._..V.......D.d......L.....&.K5..XO...~.*}........=.*MG.O..i.5..]...b....z......5..$.f..T.Ew.h?*7m.6..T.W

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\40721289-34e4-4d6e-8c9f-1c894702dfe8

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 1328262
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):143779
                                                                                                                                                                          Entropy (8bit):7.998660051027999
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3072:woHPYBqeVZAlvBiyK2Cu1ii3ZwA/MifImzB1A4iQrkM:5MqebWBeu1fZwApTztiY
                                                                                                                                                                          MD5:4A31CDEC2EA9DEE0568BEF89D914FA14
                                                                                                                                                                          SHA1:8E4983BBCB0A8D48186BE29E4758849ABF23D661
                                                                                                                                                                          SHA-256:FC8868B60CA6E192DDF9A06CDE31D1D7FF9A19425F8F424CAA627D376C876B06
                                                                                                                                                                          SHA-512:B31A387E051E85DDD7A68B2D72FB59844D220549C000DBBE9DA0AA03978C062501D5BDD95FFFECCBB3D7FD5CC3E24C121652DAA638B8789F76DE1A24EB60174D
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@..D.............f......{3....&.7d..>$....`K...H.......4...^.a.)....0C:.6..n.f.c...j...$Px...........X.PMf$5.B....O..DN....[.d..s..s..M..:B..(.N..L.?7=~Rg.[...N!."..8......1uW.#....;u<Q..MC..Kl.#.9!U.3N..N...^....Gp..a.@....-.m..Q...c.6.....]..vK..I..(.<..s.1h.r..)y.]!J9%...*/.(]X...%."....Y.,.J.......Z..T,....u1.&......n..&.!E$Dn<..;."....@..90H$Jk4..{i%.@^...q;.%.t!......Md..fJp) m.0..>3......hs...Y.4..<...Q8.$.@.n...u..N..X..ia.f..o.."....b<...^X...z.U;..[..[....A.`.W.0.X..l...v.GfM.9..y..q... $.....4E..Xd..[l.>..R...z../KjC*d..9J...!.O..U.^.l..].S).zLS.[90....O."0...kX[$V!...b{...1&.*@a{....|.Bg.....d0K.KGS.....r.h.]m.9..}.>Y.Ha..Sh.\.UgmX.......Hm.!8.?..k..r)..z.M........bc0:...N9?Qf.w78.....j.C y...;...V8.8..'....HE.Ur..A.,.4.....k.:'Vm.M.J.`..V....*.`.U#...\.8.G.`:......7...P."~.T....|...n......qsm.|..a....L......M580...............e...c1.9.8B.i<..@..~...5..&......kl@..<%8./H..R..9...g..nm_...s.c...."...P...Da.$l.#.;c.$d.w.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\88ea02bf-a24e-483a-a5d2-ee7e40595745

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 12384584
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4013693
                                                                                                                                                                          Entropy (8bit):7.999951248371016
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:98304:8C7VaUF0yi3wH4mmiTOA1RKldIwQSv9bM3QC:H7VaI0Z3o4QqDzoz
                                                                                                                                                                          MD5:1751FFBAA0682BA752E1EBEA6B6259E3
                                                                                                                                                                          SHA1:01A52320D884B13A6A92DD476A8837C25F551EFB
                                                                                                                                                                          SHA-256:E91471DCAA978E828AF58403F63859F6459837C2E7E6BFB24BB6846643E743E9
                                                                                                                                                                          SHA-512:504302B962AA99FF55B0326D2F29787EED6BD2C586CDCB733F03F2E67EEAAEA0CB56847E3779B8027F4CADA9C945D4E48E5DC8DDEEEE2FBE029D9E0F8CEC1592
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]....H........&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.......s;1a9f.$.h[3..A.....G|pk^..d....&..5.....f.=......o.../1p..'....y......l\.>.\....rK3s.9E.J.O.....%_m.F..#.l.......Q,..%..0....!.........y.....m.C..x...F .W.v?..9.N...{|1Vx..$.z.v.f../.:.D.)?0.j.....'.......sXvZ........m^;ti6wv....MG...:...V.z....0G.Mg./up.f..XEw...iMkF.b....^....(..}......!..O,...9?&..p..Gl.......0_.F.... ..R4...-..*.w.~..@...U. r........f.Q.n*....Y.........w....Fc..... J.8.3.!.~.....i.Z.<......ro./WIK-a...2y.Bh.1.......VS..J.,..Yc.c]..+....z^vl.d>.GF\=Y.WvT...............0K..D..l. 1.(bz.n.8.....uS_5..$V..j"..1.V.C..-...."..P<B.^z.&.P[\..Oq.(kb.q.....r.....G.....d&.E.-.~H.;... .*wD........T#.....M.@.....&d;.s........;...........&q.D..)V.IL.........:..*.\hg.......h:Y.g.\...j...e'.n..L5.9.SDG.J1?..WJ<].6.K....Q.d./....r.....eX...7V..\.S....sv.....0a1G..M..&..B..A8..:...PI........5'...W@...S....a....g.d..Dm..L....u..

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\9ffc6aeb-9106-44bf-ac20-b049e1d1298a

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 388896
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):394365
                                                                                                                                                                          Entropy (8bit):7.999498861385828
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:MiHsN+DsMAGeruomEfcoPUYeI7NgJGR54rB:MrNcsMAGerDThdewBRKrB
                                                                                                                                                                          MD5:4B1DD5C2123216AF96B86F6E43BBF980
                                                                                                                                                                          SHA1:ABD916E383301C5EF4EA48898E349096CA4846B8
                                                                                                                                                                          SHA-256:0D1E33CAC8D5A14FF8E9B55A58EAE20B6E795E5A3B96DB0B829E8801D6E7C7B2
                                                                                                                                                                          SHA-512:75DA0D36297D96C6D7BD34F40D9597D729674C96346715B2078CF425AF19F44D02E82845BC2D36A5A1F3B438522AC884C125A453F9062DEDAFB665ABEAB65E2F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:]..@. ........~..E..8... .rZ.~0.eg6....2..)V....o.z.....gO.....L.1U..........@....Z.]..\..._...9'.....T...2<.u?.]..<!.i.3...gb.`c.*.....@.vu.Y..U.F./..m...(T...w(....m.i...VAX<........1!.W..)..?9k..E.(p..lN.r....,.;Z.;.?..Z..=.._w.'.H....v.m..i...P0m.<q..w..v.:..LE_z...i.....tfIz..(.nI.*...M..N..].h...2e.u.`.....h.}c.K{.].)..YQ......?}..6@.:.@(0R.`Bko.O...K.......Op.d.*.6b....e;....KC..n^..?(..[..S...-H@{z..&...<..T.......U.. .....yP.k.b;SGy..M.%(....L.....AcB........^...;K...cwO.7......h(.4E^.>.S........p....HY..,.?.=.....W........",e...w....z'.7..P.S.T.$...nQ./..rM.VK.sjd..3of...f..+.....P].6....L4...a.>G.D.5...2$o.......Er...m~....%.z^....vqi.@.O.~87....N.Z..3..A..kV......ND}N...1*_.`l.u.Kw..h.?.._.?ZK1.\O?.vv..8.WE....#T....J.....'<~I.dI.-.........FA<.k.f....0....4......K....h....*3.O.Go.....W.0.zc..e.......P......o....BL..............`m......l.bA....0....U.ac.....eH....=.p<F...............H.r?..i......Y..y..9...;-.F..GJZ/..O.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\bug_report.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5944648
                                                                                                                                                                          Entropy (8bit):6.511430665598052
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                          MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                          SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                          SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                          SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\dump_process.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3531080
                                                                                                                                                                          Entropy (8bit):6.522879430230983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                          MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                          SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                          SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                          SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\e6b4b5f6-e26a-4399-bad7-5e5861763836

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 15688
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9881
                                                                                                                                                                          Entropy (8bit):7.982144056447914
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:va5QFe5kFCIgy2UX/GWISJ+ut3gXwU4Vp6RUxWKr9w5mqKokS6mNL6fb:vay6kFxaUXOBINQAbgRUx79w5xKok/uY
                                                                                                                                                                          MD5:AE04DC0902D3306BE8A16E9C824EC526
                                                                                                                                                                          SHA1:29977902A92BFD75234E8ACA64BC57A627FBC782
                                                                                                                                                                          SHA-256:D5ACF32560137A3AFEE4E10CBE3A5630D75A8DF139922824FF78F9FA713B6D93
                                                                                                                                                                          SHA-512:8D448254F8F9A9161782100FAE1D1F062C9BFE04555D4B30AC5457DB02A5D8A7C513BBBE013ADB1D9F386CD0F58A3607CEF864DE9A68FDDC22348453BF634B13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:]..@.H=.......&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....L.c.Jc..k_....P....u*....E.~.Y.......0....\.:._.........]Q...o..V. .....e.D.K$j...d<...e`.XN[y.|....W..cv....U..%.C.d/\G*2.a....Q....._........ .`.!...#.h..|)...G....p.8.Py...=0,.8'.4...L..Po..d.;.Q.#..R.I..&N...C\....<H..<.UT.b..w(..G...D..S*....K..V..O3z.r.........t.5..U..wb...8H.:..4...c.'....wv.j%c....=.....q.D......s%Gr.>......I1.n..s..h...<........N.B......F.&.7.U6@.LM..@.LB.....BS.P..vA..W..r..2.v.C.UM.{.|....\..#8......::.E,..h...X.X....o..ii~.A0......Q.i.C.FZ.....,....y..h.....yr.....qB...`..-.i...\8(.........!./@...r.|T.|.......Zm...1........&G~....Pk.q.&.a...8..*..}.D.7..`"B....}.P..i.v.........}....h.Z.%.!T+.L....4.b...S.H...r.;t........PK)2.C.y<..^0.....C..,M..Z..s7.VA7[Z.<_..H.C....+...e. .'.{..l?.....@.E...#.oq.....i..@......J..G.m.nf..=. ....9;.y@...)....:.....>.......E...b...!H|f.q3|.I..a..Sq!.....6.f../.^.b

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8425288
                                                                                                                                                                          Entropy (8bit):6.449288731687494
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                          MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                          SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                          SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_mod.dll

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15688
                                                                                                                                                                          Entropy (8bit):6.958791234525559
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:wORgChIIIYiifE/Pw1/wfT3ir2WSx7bL4cv:ruRYiisPv3iPmbLH
                                                                                                                                                                          MD5:F91371D99394307A7AF600577ED787F3
                                                                                                                                                                          SHA1:D7488B8E6E302CDDA9B49EC7CB927D02A38254C2
                                                                                                                                                                          SHA-256:48C1D01F6234E7C129B31A0C2388DE0F102F718721FEDF18EDBE19971D4222F5
                                                                                                                                                                          SHA-512:F43CE12312A6A2BBEBA57A917DAF28CEE2C36DFE5C9529BB6C89B3390ED3902995F69ED3EBFA8903FD96A093D8DA8251204739A50576DFCE695010833C92C48D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................................*........Rich..................PE..L....AHg...........!...&..................... ...............................P............@E........................ !..\....#..<....0..............H....+...@..(.... ............................................... .. ............................text...U........................... ..`.rdata....... ......................@..@.rsrc........0......................@..@.reloc..(....@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12384584
                                                                                                                                                                          Entropy (8bit):6.57357572805349
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                          MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                          SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                          SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                          SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........7R..V<..V<..V<.^$?..V<.^$9.TV<......V<...8..V<...9..V<...?..V<.^$8..V<..)8.pV<..)9.aV<......V<.O#8..V<..V<..V<..#9..V<.G#?..V<.G#8..V<.^$=..V<..V=.(U<...5..W<...<..V<......V<..V...V<...>..V<.Rich.V<.........................PE..d....BHg.........."....&.~....a.....P..........@.....................................9....`..................................................................@...H...+... ......@...........................(.......@............................................text....}.......~.................. ..`.rdata...{%......|%.................@..@.data.....4.........................@....pdata..@........ .................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\product-def.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1328262
                                                                                                                                                                          Entropy (8bit):5.392938987790726
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                          MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                          SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                          SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                          SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\product-info.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9546
                                                                                                                                                                          Entropy (8bit):5.274796830995219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                          MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                          SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                          SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                          SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\setupui.cont

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):388896
                                                                                                                                                                          Entropy (8bit):7.999454561919189
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                          MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                          SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                          SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                          SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:.7zXZ...i".6..!.....F.;...2..].0...?..Lm.K%. .6.X.....L.@#........EG.K._<.g...._...m.D.d...S:4.4J..k...._.B.x...e..E.nT..a...d)$.#...A.....U...i.R.....t..R....D2/!.Y5.......X..yD...*9}I.LN......./5.\Rm....hl~_.n..O.....>....-.~..0..4JO..!.........(.t.O"..D1.u,.>;.FW.^.o......W.n.....b...."...4....M.....k...H.......b...1...&4..<wO....*.j.:...M..i.$.../..U...eN.(.J..H5+.o.g.l0..n....s0...m...T...>..}woH.Y.P.........{l..s.."4.I..rg..\....8.W+H.xur..)M1.Lk.y.g..lT.N...."....\wX.5........2./.=.9..l...PI.o.h..GpTO.4.|":.........6c......X..{?.....Od.r7...Z.1KQx2.....!.C."Y..p+.(..d..<x[.1......<.6.\..c....V......0iQ..b-..i..{........[d.u1k........)...U......U.'?[P/=.3F..........)*g._..N...{.,f..c...n.-...x2.F`>+$ea.....s0..}..d|`......@.h.......i..tt..h*I"C....B.~....o..jc.>KP.QdqYK..@=.....cr..{.1....X.........[S.q.. ..`...l2.%".D.\-..xm......+.Hk.....N..S.G....p*.u~...Ph.?....|.Z ............_...........).....>.u...wRV..?._.....y.!VS.;|.

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\ecoo.edat

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.422577995321604
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                          MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                          SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                          SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                          SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                          C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2044
                                                                                                                                                                          Entropy (8bit):5.408177525637006
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cEYprdGUS42A+dACxeFX/AaTbVRKp2lEkKM:0BrWA+dnxeFX/AkbVS2FKM
                                                                                                                                                                          MD5:B20905EBA9ECA36F07F73B724D7C6E9E
                                                                                                                                                                          SHA1:4C547DBF684A1728F2B0A9B532003BA860377E39
                                                                                                                                                                          SHA-256:70215D983756CC49F683942FC7AEE8E938DD0C642DE3CAC52B93252A3D0EA982
                                                                                                                                                                          SHA-512:5A40DAA6E14410397D62691FBB2BA7B9C62C5B14CFF17B27DF8343651EB395D936773AE7FB928D99A4DC086466F6092A8EE0BCB4EB73633B953D6AD472B76928
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-mapping-sfx>...<handle>278</handle>...<size>1691384</size>..</file-mapping-sfx>..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>e3ec3a7d2fad564b9481017e1adbe5057a2a0cf8a48f339433e56443adcfb14f</sha-256>....<offset>1670726</offset>....<size>803</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1671606</offset>....<size>2</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/config.def.edat</alias>....<sha-256>267481c5c3ff66ec6dda02134b1216d85c12470555581f92b423a29c91db547a</sha-256>....<offset>1671688</offset>....<size>8555</size>....<timestamp>1734522278</timestamp>....<flags>1</flags>...</file>..</file-list>..<sfx-dir>C:\Windows\Temp\asw.bb4a8def

                                                                                                                                                                          C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1691384
                                                                                                                                                                          Entropy (8bit):6.7745330741667
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:dfoyR/GATYvXlTwDljYotFh8OQgxqIFlrhUcPlCbh0lhSMXli8zlo4e4zWKM7:dfJpGATYvXAxFPKIF3TPlCqZ5e4aK
                                                                                                                                                                          MD5:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                          SHA1:D3975382239D916AED32AFE37A32623781450759
                                                                                                                                                                          SHA-256:A599608AA42D0E334E6001CC9B90C0A0672F506B9459246F4A7B53D4AC5D2410
                                                                                                                                                                          SHA-512:96653F518EB6B8AFFBCA0A1DBA61A8D1E5BD49FAD12AE11D605550B35A50814FC81BEF9A383C0659723D8421C71DF90B64E6CB238A60659A2DF85CA5DB28119D
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......c.R.'.<.'.<.'.<...?.(.<...9...<.!T..#.<.!T8.1.<.!T?.;.<.!T9.K.<...8.>.<.l.=.!.<..8...<.....%.<..9.&.<.'.<.+.<...;.&.<...=.6.<.'.=...<.MT5...<.MT<.&.<.MT.&.<.'..$.<.MT>.&.<.Rich'.<.........................PE..L... BHg...............&.(...................@....@..................................(....@..........................z.......{..........Hr...............+......t....................................M..@............@.......v.......................text....'.......(.................. ..`.rdata..LY...@...Z...,..............@..@.data...............................@....didat..T............2..............@....rsrc...Hr.......t...4..............@..@.reloc..t...........................@..B................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\asw.bb4a8def2d6384de\ecoo.edat

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.422577995321604
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                          MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                          SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                          SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                          SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                          C:\Windows\Temp\~DF4F3DABD1D843D7F7.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF53C07BE48ED6FDFE.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF6661B8DD2DBA171D.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF871D6F71601C282F.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):69632
                                                                                                                                                                          Entropy (8bit):0.09875909967166902
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:NkQpN8l5ipVvipVJVgd85apG6yZk8E+Aed85mh/:Nk0N8l5S9S7qdZiM+d
                                                                                                                                                                          MD5:9D0756FF6A922ECC029E7ED119CA93F6
                                                                                                                                                                          SHA1:C4053DE6F8CF9FCB153DB89859CDC442CBCFEDD1
                                                                                                                                                                          SHA-256:8B01258A991A789D2AE25EE5FE2CABF1592B563A5040EFB2F97601663B663B93
                                                                                                                                                                          SHA-512:DC5F18CC04230D7BF9FAAEAF507A49409DA93FB1258FF5C7572B4E53447599599A1FBA7C0874922F52598123CA283BB34573A426492323CA05D03E70BC348604
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF8DC619F14B9326F1.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):1.1707613610983685
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3W1unZI+xFX4vT5kdaZS7qdZiCSIN8lgk:G1csTNZ5/k
                                                                                                                                                                          MD5:92D15E68DDB6FDE61B5833CA66DC813F
                                                                                                                                                                          SHA1:25BFA13389F650ADEA5A143FA6982FFF57CE4E8C
                                                                                                                                                                          SHA-256:34D4238480D07A36044ADC3C0BEBCB6CF9D0712181BBB0C48119DBB72C723CCB
                                                                                                                                                                          SHA-512:7972A40B5DC4429DADC793217E901CCABB53CE28464E315CA9A0FED0D2BA161058080AC8D95ABE6C3B8BAE62631F42FF8A73829CFB7CDDD9DD505BD08D934CC3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF910E44F167A03CA3.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DF95C8AC4F3CD80983.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):1.4521045568809214
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:O8PhNuRc06WX4UjT51daZS7qdZiCSIN8lgk:BhN1kjTkZ5/k
                                                                                                                                                                          MD5:09BD89FDF6D18C2FB6811EA988CC8699
                                                                                                                                                                          SHA1:DE6EC588C094DED52AB8B6D9161BFC99FBBF9B85
                                                                                                                                                                          SHA-256:5BA240CCB268A8E4B116D18C04F77CA049053A1498F8E0F93877D88AD8E78976
                                                                                                                                                                          SHA-512:EB33D2F33C9F044B182F4726F0212828AA75173EFBE16E6B36569EC8A7FAE4D94855E4D0041F1C76BC68123FC21ED73D7CB9C9E3E47C77F6F9981B283CF6C843
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DFAA04FA603704A4AB.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):1.1707613610983685
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3W1unZI+xFX4vT5kdaZS7qdZiCSIN8lgk:G1csTNZ5/k
                                                                                                                                                                          MD5:92D15E68DDB6FDE61B5833CA66DC813F
                                                                                                                                                                          SHA1:25BFA13389F650ADEA5A143FA6982FFF57CE4E8C
                                                                                                                                                                          SHA-256:34D4238480D07A36044ADC3C0BEBCB6CF9D0712181BBB0C48119DBB72C723CCB
                                                                                                                                                                          SHA-512:7972A40B5DC4429DADC793217E901CCABB53CE28464E315CA9A0FED0D2BA161058080AC8D95ABE6C3B8BAE62631F42FF8A73829CFB7CDDD9DD505BD08D934CC3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DFAE828C33825EDA46.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):1.4521045568809214
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:O8PhNuRc06WX4UjT51daZS7qdZiCSIN8lgk:BhN1kjTkZ5/k
                                                                                                                                                                          MD5:09BD89FDF6D18C2FB6811EA988CC8699
                                                                                                                                                                          SHA1:DE6EC588C094DED52AB8B6D9161BFC99FBBF9B85
                                                                                                                                                                          SHA-256:5BA240CCB268A8E4B116D18C04F77CA049053A1498F8E0F93877D88AD8E78976
                                                                                                                                                                          SHA-512:EB33D2F33C9F044B182F4726F0212828AA75173EFBE16E6B36569EC8A7FAE4D94855E4D0041F1C76BC68123FC21ED73D7CB9C9E3E47C77F6F9981B283CF6C843
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DFCF868427DF0F78EA.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):0.07728575714935673
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpIWzraCtjBER9J1iVky6l51:2F0i8n0itFzDHFiqjBER9JTr
                                                                                                                                                                          MD5:87FC8CE0A19F2A7AE5AB2EDCB62F907D
                                                                                                                                                                          SHA1:B370BCD4C62ADFEB1F140C1524ECEA12B310707C
                                                                                                                                                                          SHA-256:AB970EEF0513B00293AAD24A43E25E9101B5220FB59291752E63E2841A35E9EA
                                                                                                                                                                          SHA-512:CEA19F21C4393A92BED63D2E3ADDF97C7C0932F4844935F1F0DA5F337D8EC206138C0D01D0002ADDEB4282981C58221640163AF724FF9231B3E9F1B48B23E3EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DFD058C2B3FDA8FBFD.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\Temp\~DFD353E3ED08A1E780.TMP

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):1.1707613610983685
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:3W1unZI+xFX4vT5kdaZS7qdZiCSIN8lgk:G1csTNZ5/k
                                                                                                                                                                          MD5:92D15E68DDB6FDE61B5833CA66DC813F
                                                                                                                                                                          SHA1:25BFA13389F650ADEA5A143FA6982FFF57CE4E8C
                                                                                                                                                                          SHA-256:34D4238480D07A36044ADC3C0BEBCB6CF9D0712181BBB0C48119DBB72C723CCB
                                                                                                                                                                          SHA-512:7972A40B5DC4429DADC793217E901CCABB53CE28464E315CA9A0FED0D2BA161058080AC8D95ABE6C3B8BAE62631F42FF8A73829CFB7CDDD9DD505BD08D934CC3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                          Entropy (8bit):4.463163011114748
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:dIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:OXD94+WlLZMM6YFHg+n
                                                                                                                                                                          MD5:98B24038D0E9E732C98DC856FD9B5E46
                                                                                                                                                                          SHA1:585C6ABFB7A31F694A9476ECB6DFEF577F8094BE
                                                                                                                                                                          SHA-256:2BBFCEF0FB0260AEB85DB6CDD9D8DB207BAF1B4AA6143BA8DF4A5C2B6B24D25E
                                                                                                                                                                          SHA-512:9710A9ECDD29F90DCCE313C6991E95522F6E796C5358A0EBA41AFEDC2E494688C72BD04F2AE8E16B96D4BA0C4DD0A72AA697767494193B25B006BAFE7894E9F8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....U..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                          \Device\ConDrv

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):148
                                                                                                                                                                          Entropy (8bit):4.8982142408421945
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:SKpJOLz3WF+RUepJVcFLzBVZEIIt+kiE2J5xAIzI3/KwsHeL4AcXOFuun:wL73CepJK3jZhIwkn23fzIAHeLNcXOF9
                                                                                                                                                                          MD5:8F224653D7CEBB67D2172EB0D9EF97E9
                                                                                                                                                                          SHA1:06EECD2CBD7AD4002C9808885DC9B9F965EC296D
                                                                                                                                                                          SHA-256:8B2B772B38A282AF2B19E6FFE5600BE857D275F1863E9CDEFB2335BC57204A54
                                                                                                                                                                          SHA-512:96C66E39F4B8F21CDB3824FF27DFAFF858F6F98465676D60E84A598DFE4872FDBF52DBB8DB6A9CDEB1F4C86096A2C4A847F9106F6A5FA38569F722B7C9D8F4EB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:The following command was not found: firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe qBittorrent ENABLE...

                                                                                                                                                                          Static File Info

                                                                                                                                                                          General

                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Entropy (8bit):7.984930854477816
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                          • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                          • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                          • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                          File name:Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                          File size:14'472'984 bytes
                                                                                                                                                                          MD5:af45bc08a07f1ba16abe59f29072ebcc
                                                                                                                                                                          SHA1:66edea40ba7b38a45bd856e6889bba12384c458f
                                                                                                                                                                          SHA256:e555c06879ed4eda6277e1fa8a4985590e70d8fa81421103048803e386daaf28
                                                                                                                                                                          SHA512:a4c63d95b2ce3ed6590617e18f18d78a530deb7958fcb4e1ed1b9ab415c4c370e907d2eccc63becb7f2d7dcb7b603125809008d38f450f3462d9b8d61b7f1d97
                                                                                                                                                                          SSDEEP:393216:bBBTeN30LpEiSCC9XSpIFwah3RuINhkUOgs:dtwkLps9Xhrhhuahk5D
                                                                                                                                                                          TLSH:DFE6233FB2A8A13FD5AE0B3149B39350593BB665795A8C1E07F0480DDF6A0611F3B726
                                                                                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                          File Icon

                                                                                                                                                                          Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                          Static PE Info

                                                                                                                                                                          General

                                                                                                                                                                          Entrypoint:0x4b5eec
                                                                                                                                                                          Entrypoint Section:.itext
                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                          Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                          File Version Major:6
                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                          Import Hash:5a594319a0d69dbc452e748bcf05892e

                                                                                                                                                                          Authenticode Signature

                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                          Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                          Error Number:0
                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                          • 24/03/2024 20:00:00 25/03/2025 19:59:59
                                                                                                                                                                          Subject Chain
                                                                                                                                                                          • CN=MECHA MANGA - FZCO, O=MECHA MANGA - FZCO, S=Dubai, C=AE
                                                                                                                                                                          Version:3
                                                                                                                                                                          Thumbprint MD5:1A2E39E8F90F5FF6D22AD9098F5518F1
                                                                                                                                                                          Thumbprint SHA-1:1F3CCE31883C9EF47711A1EE96294E479CE69CFB
                                                                                                                                                                          Thumbprint SHA-256:42B420F3B7BB52249C84BFDABF29C9D4B5978803163B451821B2501ACB042115
                                                                                                                                                                          Serial:3B1955CFEAA2C9C392292E00287D4A6C

                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                          Instruction
                                                                                                                                                                          push ebp
                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                          add esp, FFFFFFA4h
                                                                                                                                                                          push ebx
                                                                                                                                                                          push esi
                                                                                                                                                                          push edi
                                                                                                                                                                          xor eax, eax
                                                                                                                                                                          mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                          mov dword ptr [ebp-40h], eax
                                                                                                                                                                          mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                          mov dword ptr [ebp-30h], eax
                                                                                                                                                                          mov dword ptr [ebp-38h], eax
                                                                                                                                                                          mov dword ptr [ebp-34h], eax
                                                                                                                                                                          mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                          mov dword ptr [ebp-28h], eax
                                                                                                                                                                          mov dword ptr [ebp-14h], eax
                                                                                                                                                                          mov eax, 004B10F0h
                                                                                                                                                                          call 00007FAF00BE34D5h
                                                                                                                                                                          xor eax, eax
                                                                                                                                                                          push ebp
                                                                                                                                                                          push 004B65E2h
                                                                                                                                                                          push dword ptr fs:[eax]
                                                                                                                                                                          mov dword ptr fs:[eax], esp
                                                                                                                                                                          xor edx, edx
                                                                                                                                                                          push ebp
                                                                                                                                                                          push 004B659Eh
                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                          mov eax, dword ptr [004BE634h]
                                                                                                                                                                          call 00007FAF00C85BFFh
                                                                                                                                                                          call 00007FAF00C85752h
                                                                                                                                                                          lea edx, dword ptr [ebp-14h]
                                                                                                                                                                          xor eax, eax
                                                                                                                                                                          call 00007FAF00BF8F48h
                                                                                                                                                                          mov edx, dword ptr [ebp-14h]
                                                                                                                                                                          mov eax, 004C1D84h
                                                                                                                                                                          call 00007FAF00BDE0C7h
                                                                                                                                                                          push 00000002h
                                                                                                                                                                          push 00000000h
                                                                                                                                                                          push 00000001h
                                                                                                                                                                          mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                          mov dl, 01h
                                                                                                                                                                          mov eax, dword ptr [004237A4h]
                                                                                                                                                                          call 00007FAF00BF9FAFh
                                                                                                                                                                          mov dword ptr [004C1D88h], eax
                                                                                                                                                                          xor edx, edx
                                                                                                                                                                          push ebp
                                                                                                                                                                          push 004B654Ah
                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                          call 00007FAF00C85C87h
                                                                                                                                                                          mov dword ptr [004C1D90h], eax
                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                          cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                          jne 00007FAF00C8C26Ah
                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                          mov edx, 00000028h
                                                                                                                                                                          call 00007FAF00BFA8A4h
                                                                                                                                                                          mov edx, dword ptr [004C1D90h]

                                                                                                                                                                          Data Directories

                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x47a0.rsrc
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0xdcab680x2bb0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                          Sections

                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                          .text0x10000xb361c0xb3800ad6e46e3a3acdb533eb6a077f6d065afFalse0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                          .itext0xb50000x16880x1800d40fc822339d01f2abcc5493ac101c94False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                          .data0xb70000x37a40x38004c195d5591f6d61265df08a3733de3a2False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                          .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                          .idata0xc20000xf360x1000a73d686f1e8b9bb06ec767721135e397False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                          .didata0xc30000x1a40x20041b8ce23dd243d14beebc71771885c89False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                          .edata0xc40000x9a0x20037c1a5c63717831863e018c0f51dabb7False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                          .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                          .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                          .rsrc0xc70000x47a00x480059843b0fd96c127dae7f50c49fbe3322False0.3183051215277778data4.520056630364859IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                          Resources

                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                          RT_ICON0xc74f80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.4637096774193548
                                                                                                                                                                          RT_ICON0xc77e00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5912162162162162
                                                                                                                                                                          RT_ICON0xc79080x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152EnglishUnited States0.3935018050541516
                                                                                                                                                                          RT_ICON0xc81b00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4486994219653179
                                                                                                                                                                          RT_ICON0xc87180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5912162162162162
                                                                                                                                                                          RT_STRING0xc88400x360data0.34375
                                                                                                                                                                          RT_STRING0xc8ba00x260data0.3256578947368421
                                                                                                                                                                          RT_STRING0xc8e000x45cdata0.4068100358422939
                                                                                                                                                                          RT_STRING0xc925c0x40cdata0.3754826254826255
                                                                                                                                                                          RT_STRING0xc96680x2d4data0.39226519337016574
                                                                                                                                                                          RT_STRING0xc993c0xb8data0.6467391304347826
                                                                                                                                                                          RT_STRING0xc99f40x9cdata0.6410256410256411
                                                                                                                                                                          RT_STRING0xc9a900x374data0.4230769230769231
                                                                                                                                                                          RT_STRING0xc9e040x398data0.3358695652173913
                                                                                                                                                                          RT_STRING0xca19c0x368data0.3795871559633027
                                                                                                                                                                          RT_STRING0xca5040x2a4data0.4275147928994083
                                                                                                                                                                          RT_RCDATA0xca7a80x10data1.5
                                                                                                                                                                          RT_RCDATA0xca7b80x2c4data0.6384180790960452
                                                                                                                                                                          RT_RCDATA0xcaa7c0x2cdata1.2045454545454546
                                                                                                                                                                          RT_GROUP_ICON0xcaaa80x4cdataEnglishUnited States0.75
                                                                                                                                                                          RT_VERSION0xcaaf40x584dataEnglishUnited States0.28257790368271957
                                                                                                                                                                          RT_MANIFEST0xcb0780x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317

                                                                                                                                                                          Imports

                                                                                                                                                                          DLLImport
                                                                                                                                                                          kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                                          comctl32.dllInitCommonControls
                                                                                                                                                                          version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                                          user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                                          oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                                          netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                                          advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                                          Exports

                                                                                                                                                                          NameOrdinalAddress
                                                                                                                                                                          TMethodImplementationIntercept30x454060
                                                                                                                                                                          __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                                          dbkFCallWrapperAddr10x4be63c

                                                                                                                                                                          Possible Origin

                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                          EnglishUnited States

                                                                                                                                                                          Network Behavior

                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                          Statistics

                                                                                                                                                                          CPU Usage

                                                                                                                                                                          Click to jump to process

                                                                                                                                                                          Memory Usage

                                                                                                                                                                          Click to jump to process

                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                          Behavior

                                                                                                                                                                          Click to jump to process

                                                                                                                                                                          System Behavior

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:0
                                                                                                                                                                          Start time:06:20:07
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          File size:14'472'984 bytes
                                                                                                                                                                          MD5 hash:AF45BC08A07F1BA16ABE59F29072EBCC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:1
                                                                                                                                                                          Start time:06:20:08
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          File size:3'025'328 bytes
                                                                                                                                                                          MD5 hash:49312C19FA9B298CA2AE71E14F07CCF3
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:5
                                                                                                                                                                          Start time:06:21:05
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                          Imagebase:0x670000
                                                                                                                                                                          File size:1'184'128 bytes
                                                                                                                                                                          MD5 hash:143255618462A577DE27286A272584E1
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:6
                                                                                                                                                                          Start time:06:21:08
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw
                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                          File size:234'936 bytes
                                                                                                                                                                          MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:06:21:11
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          File size:5'727'368 bytes
                                                                                                                                                                          MD5 hash:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:8
                                                                                                                                                                          Start time:06:21:13
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de
                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                          File size:1'691'384 bytes
                                                                                                                                                                          MD5 hash:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:9
                                                                                                                                                                          Start time:06:21:16
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
                                                                                                                                                                          Imagebase:0x1560000
                                                                                                                                                                          File size:82'432 bytes
                                                                                                                                                                          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:10
                                                                                                                                                                          Start time:06:21:16
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:11
                                                                                                                                                                          Start time:06:21:16
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77
                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                          File size:23'891'968 bytes
                                                                                                                                                                          MD5 hash:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:12
                                                                                                                                                                          Start time:06:21:17
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:13
                                                                                                                                                                          Start time:06:21:18
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                          Imagebase:0x650000
                                                                                                                                                                          File size:1'910'576 bytes
                                                                                                                                                                          MD5 hash:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:14
                                                                                                                                                                          Start time:06:21:22
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                          Imagebase:0xda0000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:15
                                                                                                                                                                          Start time:06:21:23
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:16
                                                                                                                                                                          Start time:06:21:23
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
                                                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:17
                                                                                                                                                                          Start time:06:21:23
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
                                                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:19
                                                                                                                                                                          Start time:06:21:26
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:20
                                                                                                                                                                          Start time:06:21:26
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:21
                                                                                                                                                                          Start time:06:21:26
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff7ab080000
                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:22
                                                                                                                                                                          Start time:06:21:27
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff7ab080000
                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:23
                                                                                                                                                                          Start time:06:21:27
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff7ab080000
                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:24
                                                                                                                                                                          Start time:06:21:27
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:25
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:26
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:27
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:28
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
                                                                                                                                                                          Imagebase:0x660000
                                                                                                                                                                          File size:383'232 bytes
                                                                                                                                                                          MD5 hash:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:29
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
                                                                                                                                                                          Imagebase:0x7ff789460000
                                                                                                                                                                          File size:404'480 bytes
                                                                                                                                                                          MD5 hash:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:30
                                                                                                                                                                          Start time:06:21:28
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                          Imagebase:0x7ff78c100000
                                                                                                                                                                          File size:69'632 bytes
                                                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:31
                                                                                                                                                                          Start time:06:21:32
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0Y4RUZEMTIxLTMxNTctNDk4Ri04Q0I3LTY0NDBDOTNBRkQ1RH0iIHVzZXJpZD0ie0EzQTlGMDhDLUFENjQtNDlEQS05OTk2LTA4MjhDNzdBQkQ0M30iIHVzZXJpZF9kYXRlPSIyMDI0MTIyNCIgbWFjaGluZWlkPSJ7MDAwMEVCRjAtNUI1QS00OTMxLTkzMTMtMjJGQTNEQjA4MkU1fSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjI0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4QzA5MDM0LUU1RkUtNEQ5RC05Njc2LTdDRDE2NzczRTc5NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTkyMSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:32
                                                                                                                                                                          Start time:06:21:33
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:33
                                                                                                                                                                          Start time:06:21:33
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:34
                                                                                                                                                                          Start time:06:21:36
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
                                                                                                                                                                          Imagebase:0x310000
                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:35
                                                                                                                                                                          Start time:06:21:52
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
                                                                                                                                                                          Imagebase:0x7ff69ab50000
                                                                                                                                                                          File size:8'425'288 bytes
                                                                                                                                                                          MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:36
                                                                                                                                                                          Start time:06:22:11
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
                                                                                                                                                                          Imagebase:0x7ff6c0960000
                                                                                                                                                                          File size:8'425'288 bytes
                                                                                                                                                                          MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:37
                                                                                                                                                                          Start time:06:22:11
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
                                                                                                                                                                          Imagebase:0x7ff6a79e0000
                                                                                                                                                                          File size:8'425'288 bytes
                                                                                                                                                                          MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:38
                                                                                                                                                                          Start time:06:22:15
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                          Imagebase:0x7ff667110000
                                                                                                                                                                          File size:23'918'680 bytes
                                                                                                                                                                          MD5 hash:7DD0FAA9C00391333B2A12D21CA028BF
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:39
                                                                                                                                                                          Start time:06:22:18
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files\McAfee\Temp1920010323\installer.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                          Imagebase:0x7ff629640000
                                                                                                                                                                          File size:3'079'968 bytes
                                                                                                                                                                          MD5 hash:9B6FDFBC11B51E810F01598730A002F4
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:40
                                                                                                                                                                          Start time:06:22:18
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
                                                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:41
                                                                                                                                                                          Start time:06:22:19
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
                                                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:42
                                                                                                                                                                          Start time:06:22:34
                                                                                                                                                                          Start date:24/12/2024
                                                                                                                                                                          Path:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
                                                                                                                                                                          Imagebase:0x7ff7dfb40000
                                                                                                                                                                          File size:926'176 bytes
                                                                                                                                                                          MD5 hash:F7C7039D19E16D05B6194D74E128DFE4
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Disassembly

                                                                                                                                                                          Reset < >

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:7.1%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:11.5%
                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                            Total number of Limit Nodes:34
                                                                                                                                                                            execution_graph 83123 6f97ac 83124 6f97bc 83123->83124 83127 6e293c 83124->83127 83153 6e269d 83127->83153 83130 6e29a9 83131 6e28da DloadReleaseSectionWriteAccess 8 API calls 83130->83131 83132 6e29b4 RaiseException 83131->83132 83148 6e2ba2 83132->83148 83133 6e2a45 LoadLibraryExA 83134 6e2a58 GetLastError 83133->83134 83135 6e2aa6 83133->83135 83140 6e2a6b 83134->83140 83141 6e2a81 83134->83141 83138 6e2ab1 FreeLibrary 83135->83138 83142 6e2ab8 83135->83142 83136 6e2b16 GetProcAddress 83137 6e2b74 83136->83137 83144 6e2b26 GetLastError 83136->83144 83159 6e28da 83137->83159 83138->83142 83139 6e29cd 83139->83133 83139->83135 83139->83137 83139->83142 83140->83135 83140->83141 83143 6e28da DloadReleaseSectionWriteAccess 8 API calls 83141->83143 83142->83136 83142->83137 83145 6e2a8c RaiseException 83143->83145 83146 6e2b39 83144->83146 83145->83148 83146->83137 83149 6e28da DloadReleaseSectionWriteAccess 8 API calls 83146->83149 83150 6e2b5a RaiseException 83149->83150 83151 6e269d ___delayLoadHelper2@8 7 API calls 83150->83151 83152 6e2b71 83151->83152 83152->83137 83154 6e26ca 83153->83154 83155 6e26a9 83153->83155 83154->83130 83154->83139 83167 6e2743 83155->83167 83157 6e26ae 83157->83154 83172 6e286c 83157->83172 83160 6e290e 83159->83160 83161 6e28ec 83159->83161 83160->83148 83162 6e2743 DloadReleaseSectionWriteAccess 4 API calls 83161->83162 83163 6e28f1 83162->83163 83164 6e2909 83163->83164 83165 6e286c DloadProtectSection 3 API calls 83163->83165 83179 6e2910 GetModuleHandleW GetProcAddress GetProcAddress ReleaseSRWLockExclusive DloadGetSRWLockFunctionPointers 83164->83179 83165->83164 83177 6e26d0 GetModuleHandleW GetProcAddress GetProcAddress 83167->83177 83169 6e2748 83170 6e2760 AcquireSRWLockExclusive 83169->83170 83171 6e2764 83169->83171 83170->83157 83171->83157 83175 6e2881 DloadObtainSection 83172->83175 83173 6e2887 83173->83154 83174 6e28bc VirtualProtect 83174->83173 83175->83173 83175->83174 83178 6e2782 VirtualQuery GetSystemInfo 83175->83178 83177->83169 83178->83174 83179->83160 83180 715192 83197 712e1c 83180->83197 83182 7151a0 83183 7151af 83182->83183 83184 7151ce 83182->83184 83218 6fd73d 83183->83218 83186 7151e9 83184->83186 83187 7151dc 83184->83187 83192 7151fc 83186->83192 83221 71555a 16 API calls __wsopen_s 83186->83221 83188 6fd73d __dosmaperr 14 API calls 83187->83188 83193 7151b4 83188->83193 83190 71527b 83207 7153c0 83190->83207 83192->83190 83192->83193 83195 71526e 83192->83195 83222 71ec2a 83192->83222 83195->83190 83202 7155f5 83195->83202 83198 712e28 83197->83198 83199 712e3d 83197->83199 83200 6fd73d __dosmaperr 14 API calls 83198->83200 83199->83182 83201 712e2d __cftoe 83200->83201 83201->83182 83229 712174 83202->83229 83206 71561a 83206->83190 83208 712e1c std::locale::_Setgloballocale 14 API calls 83207->83208 83209 7153cf 83208->83209 83210 715472 83209->83210 83211 7153e2 83209->83211 83212 715ee6 __wsopen_s 68 API calls 83210->83212 83213 7153ff 83211->83213 83216 715423 83211->83216 83215 71540c 83212->83215 83246 715ee6 83213->83246 83215->83193 83216->83215 83243 716972 83216->83243 83401 711e00 14 API calls 2 library calls 83218->83401 83220 6fd742 83220->83193 83221->83192 83223 71ec44 83222->83223 83224 71ec37 83222->83224 83226 71ec50 83223->83226 83227 6fd73d __dosmaperr 14 API calls 83223->83227 83225 6fd73d __dosmaperr 14 API calls 83224->83225 83228 71ec3c __cftoe 83225->83228 83226->83195 83227->83228 83228->83195 83230 7121b2 83229->83230 83231 712182 std::_Locinfo::_W_Getdays 83229->83231 83232 6fd73d __dosmaperr 14 API calls 83230->83232 83231->83230 83233 71219d RtlAllocateHeap 83231->83233 83242 70f60f EnterCriticalSection LeaveCriticalSection std::_Facet_Register 83231->83242 83234 7121b0 83232->83234 83233->83231 83233->83234 83236 712098 83234->83236 83237 7120cc __dosmaperr 83236->83237 83238 7120a3 RtlFreeHeap 83236->83238 83237->83206 83238->83237 83239 7120b8 83238->83239 83240 6fd73d __dosmaperr 12 API calls 83239->83240 83241 7120be GetLastError 83240->83241 83241->83237 83242->83231 83269 7167ea 83243->83269 83245 716988 83245->83215 83247 715ef2 CallCatchBlock 83246->83247 83248 715f12 83247->83248 83249 715efa 83247->83249 83251 715fad 83248->83251 83255 715f44 83248->83255 83363 6fd72a 14 API calls __dosmaperr 83249->83363 83366 6fd72a 14 API calls __dosmaperr 83251->83366 83252 715eff 83254 6fd73d __dosmaperr 14 API calls 83252->83254 83260 715f07 __cftoe 83254->83260 83320 71ace1 EnterCriticalSection 83255->83320 83256 715fb2 83258 6fd73d __dosmaperr 14 API calls 83256->83258 83258->83260 83259 715f4a 83261 715f66 83259->83261 83262 715f7b 83259->83262 83260->83215 83263 6fd73d __dosmaperr 14 API calls 83261->83263 83321 715fd8 83262->83321 83265 715f6b 83263->83265 83364 6fd72a 14 API calls __dosmaperr 83265->83364 83266 715f76 83365 715fa5 LeaveCriticalSection __wsopen_s 83266->83365 83270 7167f6 CallCatchBlock 83269->83270 83271 716816 83270->83271 83272 7167fe 83270->83272 83273 7168c7 83271->83273 83279 71684b 83271->83279 83302 6fd72a 14 API calls __dosmaperr 83272->83302 83305 6fd72a 14 API calls __dosmaperr 83273->83305 83275 716803 83277 6fd73d __dosmaperr 14 API calls 83275->83277 83282 71680b __cftoe 83277->83282 83278 7168cc 83280 6fd73d __dosmaperr 14 API calls 83278->83280 83292 71ace1 EnterCriticalSection 83279->83292 83280->83282 83282->83245 83283 716851 83284 716875 83283->83284 83285 71688a 83283->83285 83286 6fd73d __dosmaperr 14 API calls 83284->83286 83293 7168f6 83285->83293 83289 71687a 83286->83289 83288 716885 83304 7168bf LeaveCriticalSection __wsopen_s 83288->83304 83303 6fd72a 14 API calls __dosmaperr 83289->83303 83292->83283 83306 71af5d 83293->83306 83295 716908 83296 716921 SetFilePointerEx 83295->83296 83297 716910 83295->83297 83298 716939 GetLastError 83296->83298 83301 716915 83296->83301 83299 6fd73d __dosmaperr 14 API calls 83297->83299 83317 6fd707 14 API calls __dosmaperr 83298->83317 83299->83301 83301->83288 83302->83275 83303->83288 83304->83282 83305->83278 83307 71af6a 83306->83307 83309 71af7f 83306->83309 83318 6fd72a 14 API calls __dosmaperr 83307->83318 83314 71afa4 83309->83314 83319 6fd72a 14 API calls __dosmaperr 83309->83319 83311 71af6f 83313 6fd73d __dosmaperr 14 API calls 83311->83313 83312 71afaf 83315 6fd73d __dosmaperr 14 API calls 83312->83315 83316 71af77 __cftoe 83313->83316 83314->83295 83315->83316 83316->83295 83317->83301 83318->83311 83319->83312 83320->83259 83322 715ffa 83321->83322 83331 71600b __cftoe 83321->83331 83323 715ffe 83322->83323 83325 71604e 83322->83325 83384 6fd72a 14 API calls __dosmaperr 83323->83384 83327 716061 83325->83327 83367 71698d 83325->83367 83326 716003 83328 6fd73d __dosmaperr 14 API calls 83326->83328 83370 715b7f 83327->83370 83328->83331 83331->83266 83333 716077 83337 7160a0 83333->83337 83338 71607b 83333->83338 83334 7160b6 83335 7160ca 83334->83335 83336 71610f WriteFile 83334->83336 83339 7160d5 83335->83339 83340 7160ff 83335->83340 83341 716133 GetLastError 83336->83341 83353 7160ed 83336->83353 83386 71576d 53 API calls 6 library calls 83337->83386 83347 716096 83338->83347 83385 715b17 6 API calls __wsopen_s 83338->83385 83343 7160da 83339->83343 83344 7160ef 83339->83344 83377 715bf0 83340->83377 83341->83353 83343->83347 83348 7160df 83343->83348 83388 715db4 8 API calls 3 library calls 83344->83388 83347->83331 83351 716183 83347->83351 83352 716159 83347->83352 83387 715ccb 7 API calls 2 library calls 83348->83387 83351->83331 83356 6fd73d __dosmaperr 14 API calls 83351->83356 83354 716160 83352->83354 83355 716177 83352->83355 83353->83347 83357 6fd73d __dosmaperr 14 API calls 83354->83357 83390 6fd707 14 API calls __dosmaperr 83355->83390 83359 71619b 83356->83359 83360 716165 83357->83360 83391 6fd72a 14 API calls __dosmaperr 83359->83391 83389 6fd72a 14 API calls __dosmaperr 83360->83389 83363->83252 83364->83266 83365->83260 83366->83256 83368 7168f6 __wsopen_s 16 API calls 83367->83368 83369 7169a3 83368->83369 83369->83327 83371 71ec2a __wsopen_s 14 API calls 83370->83371 83372 715b90 83371->83372 83376 715be6 83372->83376 83392 711ca9 48 API calls 3 library calls 83372->83392 83374 715bcd GetConsoleMode 83374->83376 83375 715bb3 83375->83374 83375->83376 83376->83333 83376->83334 83380 715bff __wsopen_s 83377->83380 83378 715cb0 83393 6f8367 83378->83393 83380->83378 83382 715c6f WriteFile 83380->83382 83381 715cc9 83381->83347 83382->83380 83383 715cb2 GetLastError 83382->83383 83383->83378 83384->83326 83385->83347 83386->83347 83387->83353 83388->83353 83389->83331 83390->83331 83391->83331 83392->83375 83394 6f836f 83393->83394 83395 6f8370 IsProcessorFeaturePresent 83393->83395 83394->83381 83397 6f9055 83395->83397 83400 6f9018 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 83397->83400 83399 6f9138 83399->83381 83400->83399 83401->83220 83402 69928d 83441 698fb0 CoCreateGuid 83402->83441 83404 699293 83405 699297 83404->83405 83408 6992e9 83404->83408 83480 689bb0 InitOnceBeginInitialize 83405->83480 83411 699307 83408->83411 83417 699366 83408->83417 83413 689bb0 125 API calls 83411->83413 83415 69930c 83413->83415 83418 689940 164 API calls 83415->83418 83421 6992e0 std::ios_base::_Ios_base_dtor codecvt 83417->83421 83422 689bb0 125 API calls 83417->83422 83419 69931c 83418->83419 83423 681b84 79 API calls 83419->83423 83420 6992d8 83510 68b8a0 83420->83510 83432 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83421->83432 83425 69937e 83422->83425 83426 699338 83423->83426 83427 689940 164 API calls 83425->83427 83526 681be0 76 API calls 83426->83526 83428 69938e 83427->83428 83430 681b84 79 API calls 83428->83430 83433 6993aa 83430->83433 83431 699348 83527 684190 83431->83527 83435 69944c 83432->83435 83531 689ab0 83433->83531 83438 6993ba 83440 68b8a0 163 API calls 83438->83440 83439 68b8a0 163 API calls 83439->83421 83440->83421 83442 699155 83441->83442 83443 698fd6 StringFromCLSID 83441->83443 83445 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83442->83445 83443->83442 83444 698fee 83443->83444 83444->83442 83446 698ffe 83444->83446 83447 699163 83445->83447 83448 699169 83446->83448 83451 699050 83446->83451 83465 699020 codecvt collate 83446->83465 83447->83404 83553 6834d0 21 API calls collate 83448->83553 83450 69916e 83554 6fd60f 83450->83554 83452 699173 Concurrency::cancel_current_task 83451->83452 83456 6990cd 83451->83456 83457 6990a6 83451->83457 83455 699180 83452->83455 83453 699134 CoTaskMemFree 83458 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83453->83458 83536 6ad900 83455->83536 83462 6f8713 std::_Facet_Register 27 API calls 83456->83462 83464 6990b7 codecvt 83456->83464 83457->83452 83539 6f8713 83457->83539 83460 69914f 83458->83460 83460->83404 83462->83464 83463 6991cd _Getvals 83466 689bb0 125 API calls 83463->83466 83464->83450 83464->83465 83465->83453 83467 699213 83466->83467 83468 689940 164 API calls 83467->83468 83469 699223 83468->83469 83470 681b84 79 API calls 83469->83470 83471 69923f 83470->83471 83472 689ab0 76 API calls 83471->83472 83473 69924f 83472->83473 83474 684190 5 API calls 83473->83474 83475 69925f 83474->83475 83476 68b8a0 163 API calls 83475->83476 83477 699267 std::ios_base::_Ios_base_dtor 83476->83477 83478 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83477->83478 83479 69944c 83478->83479 83479->83404 83481 689c45 83480->83481 83483 689bef 83480->83483 83619 7041c9 48 API calls std::locale::_Setgloballocale 83481->83619 83484 689c27 83483->83484 83589 689c50 83483->83589 83486 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83484->83486 83489 689c41 83486->83489 83490 689940 83489->83490 83491 689a1c 83490->83491 83492 689985 83490->83492 83873 68b420 163 API calls 3 library calls 83491->83873 83492->83491 83496 68998e _Getvals 83492->83496 83494 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83495 689a51 83494->83495 83505 681b84 83495->83505 83870 68b420 163 API calls 3 library calls 83496->83870 83498 6899d5 83871 689820 76 API calls 83498->83871 83500 6899e9 83872 68b690 79 API calls collate 83500->83872 83502 6899f8 83503 68b8a0 163 API calls 83502->83503 83504 689a00 std::ios_base::_Ios_base_dtor 83503->83504 83504->83494 83506 681bbf 83505->83506 83507 681bb6 83505->83507 83509 681be0 76 API calls 83506->83509 83874 6880b0 83507->83874 83509->83420 83511 68b8ff 83510->83511 83519 68b96c collate 83510->83519 83512 689ab0 76 API calls 83511->83512 83513 68b910 83512->83513 83941 68ba20 83513->83941 83516 68b9e0 83516->83421 83517 68b927 83955 6907c0 83517->83955 84029 690890 83517->84029 84099 6920f0 83517->84099 83518 68b93c 83518->83519 83520 68ba0d 83518->83520 84103 68cd20 83519->84103 83521 6fd60f 11 API calls 83520->83521 83522 68ba12 83521->83522 83526->83431 83528 6841cc 83527->83528 83529 6841d8 83527->83529 83530 684300 5 API calls 83528->83530 83529->83439 83530->83529 83532 689b1a 83531->83532 83533 689aec 83531->83533 83532->83438 84483 6820a0 76 API calls 4 library calls 83533->84483 83535 689afa 83535->83438 83558 6adc50 83536->83558 83538 6ad95d 83538->83463 83541 6f8718 83539->83541 83542 6f8732 83541->83542 83545 683599 std::_Facet_Register 83541->83545 83567 70594f 83541->83567 83577 70f60f EnterCriticalSection LeaveCriticalSection std::_Facet_Register 83541->83577 83542->83464 83544 6f873e 83544->83544 83545->83544 83547 6835c5 83545->83547 83574 6fa332 83545->83574 83548 6f8713 std::_Facet_Register 27 API calls 83547->83548 83550 6835cb 83548->83550 83549 6835d2 83549->83464 83550->83549 83578 6fd62c IsProcessorFeaturePresent 83550->83578 83552 6fd62b 83555 6fd61e 83554->83555 83556 6fd62c std::_Locinfo::_W_Getdays 11 API calls 83555->83556 83557 6fd62b 83556->83557 83559 6adc90 83558->83559 83563 6adcc5 83558->83563 83564 6f8760 83559->83564 83561 6adc9c 83562 6f8713 std::_Facet_Register 27 API calls 83561->83562 83562->83563 83563->83538 83565 6f8713 std::_Facet_Register 27 API calls 83564->83565 83566 6f8795 83565->83566 83566->83561 83572 712174 std::_Locinfo::_W_Getdays 83567->83572 83568 7121b2 83569 6fd73d __dosmaperr 14 API calls 83568->83569 83571 7121b0 83569->83571 83570 71219d RtlAllocateHeap 83570->83571 83570->83572 83571->83541 83572->83568 83572->83570 83582 70f60f EnterCriticalSection LeaveCriticalSection std::_Facet_Register 83572->83582 83575 6fa34c 83574->83575 83576 6fa379 RaiseException 83574->83576 83575->83576 83576->83545 83577->83541 83579 6fd638 83578->83579 83583 6fd453 83579->83583 83582->83572 83584 6fd46f _Getvals std::locale::_Setgloballocale 83583->83584 83585 6fd49b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 83584->83585 83586 6fd56c std::locale::_Setgloballocale 83585->83586 83587 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83586->83587 83588 6fd58a GetCurrentProcess TerminateProcess 83587->83588 83588->83552 83620 68e310 ConvertStringSecurityDescriptorToSecurityDescriptorW 83589->83620 83592 689f7e 83594 68a048 collate 83592->83594 83597 68a072 83592->83597 83593 6f8760 27 API calls 83596 689cc1 83593->83596 83595 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83594->83595 83598 689c11 InitOnceComplete 83595->83598 83599 689e24 codecvt 83596->83599 83601 6ad900 27 API calls 83596->83601 83600 6fd60f 11 API calls 83597->83600 83598->83481 83598->83484 83599->83597 83602 6f8713 std::_Facet_Register 27 API calls 83599->83602 83603 68a077 83600->83603 83605 689cec 83601->83605 83606 689eec collate 83602->83606 83604 6ad900 27 API calls 83604->83592 83607 6ad900 27 API calls 83605->83607 83606->83597 83606->83604 83608 689d4c 83607->83608 83641 6e3b8a 83608->83641 83612 689def 83612->83599 83613 68a06d Concurrency::cancel_current_task 83612->83613 83614 689e9b 83612->83614 83615 689e74 83612->83615 83613->83597 83614->83599 83618 6f8713 std::_Facet_Register 27 API calls 83614->83618 83615->83613 83616 689e7f 83615->83616 83617 6f8713 std::_Facet_Register 27 API calls 83616->83617 83617->83599 83618->83599 83621 68e37d 83620->83621 83622 68e376 collate 83620->83622 83665 68deb0 83621->83665 83624 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83622->83624 83626 689ca2 83624->83626 83625 68e3d9 83627 68e3dd 83625->83627 83628 68e3e8 _Getvals 83625->83628 83626->83592 83626->83593 83627->83622 83631 68e62e 83627->83631 83629 68e425 GetModuleFileNameW 83628->83629 83630 68e443 83629->83630 83637 68e54f collate 83629->83637 83717 68daa0 29 API calls 3 library calls 83630->83717 83634 6fd60f 11 API calls 83631->83634 83633 68e454 83633->83637 83718 68dc20 83633->83718 83635 68e633 83634->83635 83637->83627 83637->83631 83638 68e629 83640 6fd60f 11 API calls 83638->83640 83639 68e49d collate 83639->83637 83639->83638 83640->83631 83827 6e38db 83641->83827 83643 689dd9 83644 691130 83643->83644 83833 693d80 83644->83833 83648 691183 83649 6913d8 83648->83649 83650 69119d 83648->83650 83865 6834d0 21 API calls collate 83649->83865 83857 6840e8 83650->83857 83653 6911bc 83861 693640 28 API calls codecvt 83653->83861 83654 6fd60f 11 API calls 83656 6913e2 83654->83656 83657 6911cc 83862 693590 28 API calls codecvt 83657->83862 83659 6911df 83863 68f310 28 API calls 3 library calls 83659->83863 83661 6911f5 83864 693590 28 API calls codecvt 83661->83864 83663 691208 collate 83663->83654 83664 6913b9 collate 83663->83664 83664->83612 83789 6fa920 83665->83789 83668 68df16 83671 68dc20 93 API calls 83668->83671 83669 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83670 68e2ee 83669->83670 83670->83625 83672 68df5d collate 83671->83672 83673 68e2f2 83672->83673 83674 68e00f collate 83672->83674 83675 6fd60f 11 API calls 83673->83675 83791 68f520 83674->83791 83677 68e2f7 83675->83677 83679 6fd60f 11 API calls 83677->83679 83678 68e084 83806 68e640 83678->83806 83681 68e2fc 83679->83681 83683 6fd60f 11 API calls 83681->83683 83684 68e301 83683->83684 83685 6fd60f 11 API calls 83684->83685 83686 68e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 83685->83686 83689 68e37d 83686->83689 83697 68e376 collate 83686->83697 83688 68e0e8 collate 83688->83688 83690 68dc20 93 API calls 83688->83690 83712 68e2bd collate 83688->83712 83691 68deb0 93 API calls 83689->83691 83700 68e143 collate 83690->83700 83693 68e3d9 83691->83693 83692 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83694 68e625 83692->83694 83695 68e3e8 _Getvals 83693->83695 83698 68e3dd 83693->83698 83694->83625 83696 68e425 GetModuleFileNameW 83695->83696 83699 68e443 83696->83699 83713 68e54f collate 83696->83713 83697->83692 83698->83697 83701 68e62e 83698->83701 83821 68daa0 29 API calls 3 library calls 83699->83821 83700->83681 83703 68e1f5 collate 83700->83703 83706 6fd60f 11 API calls 83701->83706 83704 68f520 28 API calls 83703->83704 83707 68e264 83704->83707 83705 68e454 83710 68dc20 93 API calls 83705->83710 83705->83713 83708 68e633 83706->83708 83709 68e640 87 API calls 83707->83709 83711 68e27d 83709->83711 83715 68e49d collate 83710->83715 83711->83684 83711->83712 83712->83669 83713->83698 83713->83701 83714 68e629 83716 6fd60f 11 API calls 83714->83716 83715->83713 83715->83714 83716->83701 83717->83633 83719 68dc83 83718->83719 83720 68dc55 83718->83720 83722 68dcaa 83719->83722 83723 68dd83 83719->83723 83721 68f520 28 API calls 83720->83721 83725 68dc71 83721->83725 83726 68f520 28 API calls 83722->83726 83724 68f520 28 API calls 83723->83724 83727 68dd92 83724->83727 83725->83639 83728 68dcb9 83726->83728 83730 68f520 28 API calls 83727->83730 83729 68f520 28 API calls 83728->83729 83731 68dce7 83729->83731 83732 68ddc0 83730->83732 83824 68f310 28 API calls 3 library calls 83731->83824 83825 68f310 28 API calls 3 library calls 83732->83825 83735 68dd67 collate 83735->83639 83736 6fd60f 11 API calls 83738 68dea8 _Getvals 83736->83738 83737 68dcfd collate 83737->83735 83737->83736 83739 68def8 SHGetSpecialFolderPathW 83738->83739 83740 68df16 83739->83740 83784 68e2bd collate 83739->83784 83743 68dc20 93 API calls 83740->83743 83741 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83742 68e2ee 83741->83742 83742->83639 83745 68df5d collate 83743->83745 83744 68e2f2 83747 6fd60f 11 API calls 83744->83747 83745->83744 83746 68e00f collate 83745->83746 83748 68f520 28 API calls 83746->83748 83749 68e2f7 83747->83749 83750 68e084 83748->83750 83751 6fd60f 11 API calls 83749->83751 83752 68e640 87 API calls 83750->83752 83753 68e2fc 83751->83753 83754 68e09d 83752->83754 83755 6fd60f 11 API calls 83753->83755 83754->83749 83760 68e0e8 collate 83754->83760 83756 68e301 83755->83756 83757 6fd60f 11 API calls 83756->83757 83758 68e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 83757->83758 83761 68e37d 83758->83761 83771 68e376 collate 83758->83771 83760->83760 83762 68dc20 93 API calls 83760->83762 83760->83784 83763 68deb0 93 API calls 83761->83763 83770 68e143 collate 83762->83770 83765 68e3d9 83763->83765 83764 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83766 68e625 83764->83766 83767 68e3e8 _Getvals 83765->83767 83768 68e3dd 83765->83768 83766->83639 83769 68e425 GetModuleFileNameW 83767->83769 83768->83771 83773 68e62e 83768->83773 83772 68e443 83769->83772 83785 68e54f collate 83769->83785 83770->83753 83775 68e1f5 collate 83770->83775 83771->83764 83826 68daa0 29 API calls 3 library calls 83772->83826 83778 6fd60f 11 API calls 83773->83778 83776 68f520 28 API calls 83775->83776 83779 68e264 83776->83779 83777 68e454 83782 68dc20 93 API calls 83777->83782 83777->83785 83780 68e633 83778->83780 83781 68e640 87 API calls 83779->83781 83783 68e27d 83781->83783 83787 68e49d collate 83782->83787 83783->83756 83783->83784 83784->83741 83785->83768 83785->83773 83786 68e629 83788 6fd60f 11 API calls 83786->83788 83787->83785 83787->83786 83788->83773 83790 68def8 SHGetSpecialFolderPathW 83789->83790 83790->83668 83790->83712 83794 68f571 83791->83794 83795 68f541 codecvt 83791->83795 83792 68f677 83822 6834d0 21 API calls collate 83792->83822 83794->83792 83796 68f672 Concurrency::cancel_current_task 83794->83796 83798 68f5fa 83794->83798 83799 68f5d3 83794->83799 83795->83678 83796->83792 83797 6fd60f 11 API calls 83800 68f681 83797->83800 83803 6f8713 std::_Facet_Register 27 API calls 83798->83803 83804 68f5e4 codecvt 83798->83804 83799->83796 83801 68f5de 83799->83801 83802 6f8713 std::_Facet_Register 27 API calls 83801->83802 83802->83804 83803->83804 83804->83797 83805 68f658 collate 83804->83805 83805->83678 83807 68e67e 83806->83807 83808 68e680 GetFileAttributesW 83806->83808 83807->83808 83812 68e690 83808->83812 83819 68e724 collate 83808->83819 83809 68e736 CreateDirectoryW 83810 68e09d 83809->83810 83811 68e742 GetLastError 83809->83811 83810->83677 83810->83688 83811->83810 83812->83812 83813 68f520 28 API calls 83812->83813 83812->83819 83814 68e6ec 83813->83814 83823 68d6d0 83 API calls 83814->83823 83816 68e6f8 83817 68e77d 83816->83817 83816->83819 83818 6fd60f 11 API calls 83817->83818 83820 68e782 83818->83820 83819->83809 83821->83705 83823->83816 83824->83737 83825->83737 83826->83777 83828 6e38e8 83827->83828 83829 6e38a6 InitializeCriticalSectionEx 83828->83829 83830 6e38c4 InitializeSRWLock 83828->83830 83829->83643 83830->83643 83866 6fa3a0 83833->83866 83835 693de7 WTSGetActiveConsoleSessionId 83836 693e0b OutputDebugStringW 83835->83836 83837 693e15 83835->83837 83844 693e57 codecvt collate 83836->83844 83837->83836 83841 693e3e 83837->83841 83839 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83840 691172 83839->83840 83856 693fd0 70 API calls 2 library calls 83840->83856 83842 693e4a 83841->83842 83843 693f81 OutputDebugStringW 83841->83843 83842->83844 83845 693fc0 83842->83845 83849 693e90 83842->83849 83843->83844 83844->83839 83868 6834d0 21 API calls collate 83845->83868 83847 693fc5 83850 6fd60f 11 API calls 83847->83850 83848 693fca Concurrency::cancel_current_task 83849->83848 83851 693f0e 83849->83851 83852 693ee7 83849->83852 83850->83848 83854 6f8713 std::_Facet_Register 27 API calls 83851->83854 83855 693ef8 codecvt 83851->83855 83852->83848 83853 6f8713 std::_Facet_Register 27 API calls 83852->83853 83853->83855 83854->83855 83855->83844 83855->83847 83856->83648 83858 684122 83857->83858 83860 684147 codecvt 83857->83860 83869 6833c3 28 API calls collate 83858->83869 83860->83653 83861->83657 83862->83659 83863->83661 83864->83663 83867 6fa3b8 83866->83867 83867->83835 83867->83867 83869->83860 83870->83498 83871->83500 83872->83502 83873->83504 83875 6880f9 83874->83875 83889 688185 collate 83874->83889 83893 687f60 83875->83893 83879 688109 83909 6881d0 28 API calls 4 library calls 83879->83909 83881 688119 83910 6889b0 83881->83910 83883 688130 83884 684300 5 API calls 83883->83884 83885 68813e 83884->83885 83921 688730 75 API calls 2 library calls 83885->83921 83887 68814b 83888 684300 5 API calls 83887->83888 83890 688156 83888->83890 83889->83506 83890->83889 83891 6fd60f 11 API calls 83890->83891 83892 6881c5 83891->83892 83894 687faa 83893->83894 83904 688076 83893->83904 83922 6e3cd6 83894->83922 83895 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83897 68809e 83895->83897 83905 684300 83897->83905 83898 687faf std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 83898->83898 83925 689620 76 API calls 2 library calls 83898->83925 83900 688036 83926 688530 75 API calls 2 library calls 83900->83926 83902 68806b 83903 684300 5 API calls 83902->83903 83903->83904 83904->83895 83907 68430c __EH_prolog3_catch 83905->83907 83932 682c9c 83907->83932 83908 68436d ctype 83908->83879 83909->83881 83911 6889ff 83910->83911 83912 682c9c 5 API calls 83911->83912 83920 688a1b 83912->83920 83913 688bce 83913->83883 83915 688c51 83916 6fa332 _com_raise_error RaiseException 83915->83916 83917 688c5f 83916->83917 83938 6fe960 83917->83938 83919 688c71 collate 83919->83883 83920->83913 83937 6828d1 27 API calls 3 library calls 83920->83937 83921->83887 83927 6e6d6a 83922->83927 83925->83900 83926->83902 83928 6e6d7b GetSystemTimePreciseAsFileTime 83927->83928 83929 6e6d87 GetSystemTimeAsFileTime 83927->83929 83930 6e3ce4 83928->83930 83929->83930 83930->83898 83933 682ca8 __EH_prolog3 83932->83933 83934 682cf7 ctype 83933->83934 83936 682c33 5 API calls 2 library calls 83933->83936 83934->83908 83936->83934 83937->83915 83939 712098 _free 14 API calls 83938->83939 83940 6fe978 83939->83940 83940->83919 83943 68ba83 83941->83943 83942 68bba2 84106 6834d0 21 API calls collate 83942->84106 83943->83942 83946 68bb9d Concurrency::cancel_current_task 83943->83946 83948 68bb43 83943->83948 83949 68bb64 83943->83949 83951 68baca codecvt 83943->83951 83945 68bb50 83947 6fd60f 11 API calls 83945->83947 83945->83951 83946->83942 83950 68bbac 83947->83950 83948->83946 83952 68bb4a 83948->83952 83949->83951 83953 6f8713 std::_Facet_Register 27 API calls 83949->83953 83951->83517 83954 6f8713 std::_Facet_Register 27 API calls 83952->83954 83953->83951 83954->83945 83956 6907cb collate 83955->83956 83957 6fd60f 11 API calls 83956->83957 83959 69083b __Mtx_destroy_in_situ collate 83956->83959 83958 690884 83957->83958 84107 6e3bab 83958->84107 83959->83518 83962 6908e8 83964 6908f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 83962->83964 83968 690a51 _Getvals 83962->83968 83963 691045 84172 6e3faf 83963->84172 83970 690911 83964->83970 83981 690fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 83964->83981 83966 69104b 83967 6fd60f 11 API calls 83966->83967 83978 690f65 83967->83978 84110 693110 83968->84110 83973 68f520 28 API calls 83970->83973 83971 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 83974 69103f 83971->83974 83976 690991 83973->83976 83974->83518 83979 68e640 87 API calls 83976->83979 84187 6828d1 27 API calls 3 library calls 83978->84187 83980 6909a4 83979->83980 83980->83966 83984 6909ec collate 83980->83984 83981->83971 83990 690a1d 83984->83990 83991 690a31 83984->83991 83986 691087 83989 6fa332 _com_raise_error RaiseException 83986->83989 83992 691098 83989->83992 83990->83981 83993 690a25 LocalFree 83990->83993 83991->83968 83994 690a42 LocalFree 83991->83994 83993->83981 83994->83968 84030 6e3bab 13 API calls 84029->84030 84031 6908dd 84030->84031 84032 6908e8 84031->84032 84033 691045 84031->84033 84034 6908f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 84032->84034 84038 690a51 _Getvals 84032->84038 84035 6e3faf 79 API calls 84033->84035 84040 690911 84034->84040 84051 690fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 84034->84051 84036 69104b 84035->84036 84037 6fd60f 11 API calls 84036->84037 84045 690f65 84037->84045 84039 693110 102 API calls 84038->84039 84042 690a84 84039->84042 84043 68f520 28 API calls 84040->84043 84041 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84044 69103f 84041->84044 84046 690fa9 84042->84046 84053 6f8713 std::_Facet_Register 27 API calls 84042->84053 84097 690c43 codecvt 84042->84097 84047 690991 84043->84047 84044->83518 84444 6828d1 27 API calls 3 library calls 84045->84444 84443 692b90 73 API calls collate 84046->84443 84049 68e640 87 API calls 84047->84049 84050 6909a4 84049->84050 84050->84036 84054 6909ec collate 84050->84054 84051->84041 84057 690ae1 _Getvals 84053->84057 84060 690a1d 84054->84060 84061 690a31 84054->84061 84055 6889b0 27 API calls 84058 690d38 84055->84058 84056 691087 84059 6fa332 _com_raise_error RaiseException 84056->84059 84066 6e3367 std::_Lockit::_Lockit 7 API calls 84057->84066 84065 682c9c 5 API calls 84058->84065 84073 690d68 84058->84073 84062 691098 84059->84062 84060->84051 84063 690a25 LocalFree 84060->84063 84061->84038 84064 690a42 LocalFree 84061->84064 84063->84051 84064->84038 84065->84073 84068 690b0d 84066->84068 84067 682c9c 5 API calls 84069 690e1f 84067->84069 84436 6e3184 72 API calls 2 library calls 84068->84436 84079 690e6e 84069->84079 84098 692380 70 API calls 84069->84098 84071 690b55 84437 6e33f6 48 API calls 2 library calls 84071->84437 84073->84045 84073->84046 84073->84067 84074 690b61 84438 683128 72 API calls 3 library calls 84074->84438 84076 690b8b 84077 6e3084 std::locale::_Init 57 API calls 84076->84077 84078 690b9c 84077->84078 84439 6e31e9 77 API calls 4 library calls 84078->84439 84079->84046 84081 693030 73 API calls 84079->84081 84083 690f29 84081->84083 84082 690ba9 84084 690be6 84082->84084 84087 6e3367 std::_Lockit::_Lockit 7 API calls 84082->84087 84083->84045 84086 690f78 84083->84086 84440 6e5688 77 API calls 9 library calls 84084->84440 84441 68e790 34 API calls 2 library calls 84086->84441 84089 690bc5 84087->84089 84088 690bf7 84091 690c1e 84088->84091 84094 6fe960 ~ctype 14 API calls 84088->84094 84088->84097 84092 6e33bf std::_Lockit::~_Lockit 2 API calls 84089->84092 84096 70594f _Yarn 15 API calls 84091->84096 84092->84084 84093 690f9f 84442 691740 28 API calls 84093->84442 84094->84091 84096->84097 84097->84055 84098->84079 84100 6920f9 84099->84100 84102 692123 84099->84102 84100->84102 84445 704ef7 84100->84445 84102->83518 84476 68cc80 84103->84476 84105 68cd2f collate 84105->83516 84188 6e394b 84107->84188 84208 68be30 84110->84208 84173 6e3fba 84172->84173 84174 6e3fcd 84173->84174 84175 7041c9 84173->84175 84432 6e3fdc 78 API calls _com_raise_error 84174->84432 84433 714be4 EnterCriticalSection LeaveCriticalSection std::locale::_Setgloballocale 84175->84433 84178 7041ce 84182 7041d9 84178->84182 84434 714c32 48 API calls 7 library calls 84178->84434 84180 7041e3 IsProcessorFeaturePresent 84183 7041ef 84180->84183 84182->84180 84186 704202 84182->84186 84184 6fd453 std::locale::_Setgloballocale 8 API calls 84183->84184 84184->84186 84185 70420c 84435 70e9c0 23 API calls std::locale::_Setgloballocale 84186->84435 84187->83986 84189 6e3973 GetCurrentThreadId 84188->84189 84190 6e39a1 84188->84190 84191 6e397e GetCurrentThreadId 84189->84191 84196 6e3999 84189->84196 84192 6e3a05 84190->84192 84193 6e39a5 GetCurrentThreadId 84190->84193 84191->84196 84194 6e3a9e GetCurrentThreadId 84192->84194 84197 6e3a25 84192->84197 84203 6e39b0 84193->84203 84194->84203 84195 6e3ad5 GetCurrentThreadId 84195->84196 84198 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84196->84198 84206 6e3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 84197->84206 84200 6908dd 84198->84200 84200->83962 84200->83963 84202 6e3a55 GetCurrentThreadId 84202->84203 84204 6e3a30 __Xtime_diff_to_millis2 84202->84204 84203->84195 84203->84196 84204->84196 84204->84202 84204->84203 84207 6e3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 84204->84207 84206->84204 84207->84204 84234 68c0c0 84208->84234 84235 6f8713 std::_Facet_Register 27 API calls 84234->84235 84236 68c13a 84235->84236 84237 6e3084 std::locale::_Init 57 API calls 84236->84237 84238 68be3b 84237->84238 84239 68bff0 84238->84239 84240 68c02e 84239->84240 84245 6832de 84240->84245 84246 6832ea __EH_prolog3_GS 84245->84246 84247 6e3367 std::_Lockit::_Lockit 7 API calls 84246->84247 84248 6832f7 84247->84248 84265 682d14 14 API calls 3 library calls 84248->84265 84250 68330e std::locale::_Locimp::_Makeushloc 84251 683320 84250->84251 84266 6831d9 75 API calls 4 library calls 84250->84266 84252 6e33bf std::_Lockit::~_Lockit 2 API calls 84251->84252 84253 683365 84252->84253 84268 6f8def 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 84253->84268 84256 68332e 84258 68336d 84256->84258 84259 683335 84256->84259 84269 683268 RaiseException _com_raise_error Concurrency::cancel_current_task collate 84258->84269 84267 6e3052 27 API calls std::_Facet_Register 84259->84267 84262 683372 84270 6e32da LCMapStringEx ___crtLCMapStringW 84262->84270 84265->84250 84266->84256 84267->84251 84269->84262 84432->84174 84433->84178 84434->84182 84435->84185 84436->84071 84437->84074 84438->84076 84439->84082 84440->84088 84441->84093 84443->84051 84444->84056 84446 704f09 84445->84446 84448 704f12 ___scrt_uninitialize_crt 84445->84448 84461 704d9c 72 API calls ___scrt_uninitialize_crt 84446->84461 84450 704f23 84448->84450 84453 704d3c 84448->84453 84449 704f0f 84449->84102 84450->84102 84454 704d48 CallCatchBlock 84453->84454 84462 70582c EnterCriticalSection 84454->84462 84456 704d56 84463 704ea6 84456->84463 84460 704d79 84460->84102 84461->84449 84462->84456 84464 704eb3 84463->84464 84465 704ebc 84463->84465 84474 704d9c 72 API calls ___scrt_uninitialize_crt 84464->84474 84467 704e41 ___scrt_uninitialize_crt 68 API calls 84465->84467 84468 704ec2 84467->84468 84469 704d67 84468->84469 84470 712e1c std::locale::_Setgloballocale 14 API calls 84468->84470 84473 704d90 LeaveCriticalSection ___scrt_uninitialize_crt 84469->84473 84471 704ed8 84470->84471 84475 7156f0 18 API calls 3 library calls 84471->84475 84473->84460 84474->84469 84475->84469 84477 68cc89 84476->84477 84478 68cccb collate 84476->84478 84477->84478 84479 6fd60f 11 API calls 84477->84479 84478->84105 84480 68cd1f 84479->84480 84481 68cc80 11 API calls 84480->84481 84482 68cd2f collate 84481->84482 84482->84105 84483->83535 84484 6e14c6 84485 6e14d0 84484->84485 84486 6e293c ___delayLoadHelper2@8 16 API calls 84485->84486 84487 6e14dd 84486->84487 84488 7022d9 84489 7022e9 84488->84489 84490 7022fc 84488->84490 84491 6fd73d __dosmaperr 14 API calls 84489->84491 84492 70230e 84490->84492 84497 702321 84490->84497 84514 7022ee __cftoe __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 84491->84514 84493 6fd73d __dosmaperr 14 API calls 84492->84493 84493->84514 84494 702341 84498 6fd73d __dosmaperr 14 API calls 84494->84498 84495 702352 84515 713ead 84495->84515 84497->84494 84497->84495 84498->84514 84501 702369 84502 70255d 84501->84502 84522 71349f 14 API calls 2 library calls 84501->84522 84503 6fd62c std::_Locinfo::_W_Getdays 11 API calls 84502->84503 84505 702567 84503->84505 84506 70237b 84506->84502 84523 7134cb 84506->84523 84508 70238d 84508->84502 84509 702396 84508->84509 84510 70241b 84509->84510 84511 7023b7 84509->84511 84510->84514 84529 713f0a 25 API calls 2 library calls 84510->84529 84511->84514 84528 713f0a 25 API calls 2 library calls 84511->84528 84516 713eb9 CallCatchBlock 84515->84516 84517 702357 84516->84517 84530 70cd41 EnterCriticalSection 84516->84530 84521 713473 14 API calls 2 library calls 84517->84521 84519 713eca 84531 713f01 LeaveCriticalSection std::_Lockit::~_Lockit 84519->84531 84521->84501 84522->84506 84524 7134d7 84523->84524 84525 7134ec 84523->84525 84526 6fd73d __dosmaperr 14 API calls 84524->84526 84525->84508 84527 7134dc __cftoe 84526->84527 84527->84508 84528->84514 84529->84514 84530->84519 84531->84517 84532 6929e0 84533 692a00 84532->84533 84534 692a15 84532->84534 84535 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84533->84535 84537 692a2b 84534->84537 84546 692a54 84534->84546 84536 692a0f 84535->84536 84539 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84537->84539 84538 692b4c 84540 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84538->84540 84541 692a4e 84539->84541 84542 692b60 84540->84542 84544 692ae0 84544->84538 84545 692af0 84544->84545 84548 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84545->84548 84546->84538 84547 692b07 84546->84547 84549 692a86 84546->84549 84552 70569d 70 API calls 84547->84552 84554 692b1f 84547->84554 84550 692b01 84548->84550 84549->84538 84556 704762 52 API calls 4 library calls 84549->84556 84551 692b34 84553 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84551->84553 84552->84554 84555 692b46 84553->84555 84554->84538 84554->84551 84556->84544 84557 7161fa 84558 716206 CallCatchBlock 84557->84558 84559 716223 84558->84559 84560 71620c 84558->84560 84568 70582c EnterCriticalSection 84559->84568 84561 6fd73d __dosmaperr 14 API calls 84560->84561 84566 716211 __cftoe 84561->84566 84563 716233 84569 71627a 84563->84569 84565 71623f 84588 716270 LeaveCriticalSection ___scrt_uninitialize_crt 84565->84588 84568->84563 84570 716288 84569->84570 84571 71629f 84569->84571 84573 6fd73d __dosmaperr 14 API calls 84570->84573 84572 712e1c std::locale::_Setgloballocale 14 API calls 84571->84572 84575 7162a9 84572->84575 84574 71628d __cftoe 84573->84574 84574->84565 84576 716972 18 API calls 84575->84576 84577 7162c4 84576->84577 84578 716337 84577->84578 84579 71638c 84577->84579 84585 7162ee __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 84577->84585 84581 716351 84578->84581 84584 716365 84578->84584 84580 71639a 84579->84580 84579->84584 84582 6fd73d __dosmaperr 14 API calls 84580->84582 84589 7165bd 24 API calls 4 library calls 84581->84589 84582->84585 84584->84585 84590 7163fe 18 API calls 2 library calls 84584->84590 84585->84565 84586 71635d 84586->84585 84588->84566 84589->84586 84590->84585 84591 695204 RegOpenKeyExW 84592 6952e2 84591->84592 84593 695244 RegQueryValueExW 84591->84593 84594 6fe960 ~ctype 14 API calls 84592->84594 84595 6952ca RegCloseKey 84593->84595 84601 695275 84593->84601 84597 6952ea GetLastError 84594->84597 84595->84592 84596 69538b 84595->84596 84598 6953de OutputDebugStringW 84596->84598 84604 6953fd _Getvals 84596->84604 84597->84596 84641 694f50 84598->84641 84600 6953f0 84603 69549c OutputDebugStringW 84600->84603 84609 695584 84600->84609 84601->84595 84602 6952b4 SetLastError RegCloseKey 84601->84602 84602->84592 84657 694e60 84603->84657 84604->84600 84611 696ae0 5 API calls 84604->84611 84606 695703 84608 69570c LoadLibraryExW 84606->84608 84618 6956f7 84606->84618 84607 6954b6 84607->84609 84613 694e60 3 API calls 84607->84613 84612 69571d GetLastError 84608->84612 84608->84618 84609->84606 84610 6955c4 84609->84610 84673 694dc0 84610->84673 84611->84600 84614 6fe960 ~ctype 14 API calls 84612->84614 84615 6954c8 84613->84615 84614->84618 84617 6954e8 84615->84617 84619 695510 84615->84619 84623 6fe960 ~ctype 14 API calls 84615->84623 84621 70594f _Yarn 15 API calls 84617->84621 84622 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84618->84622 84619->84610 84626 694e60 3 API calls 84619->84626 84620 6956e7 84620->84618 84625 6fe960 ~ctype 14 API calls 84620->84625 84621->84619 84627 69577e 84622->84627 84623->84617 84625->84618 84628 695531 84626->84628 84661 694cc0 84628->84661 84630 694dc0 3 API calls 84631 69566a 84630->84631 84632 70594f _Yarn 15 API calls 84631->84632 84633 695697 84632->84633 84633->84620 84635 694dc0 3 API calls 84633->84635 84634 695546 _Getvals 84634->84610 84666 696ae0 84634->84666 84636 6956ae 84635->84636 84638 694cc0 54 API calls 84636->84638 84639 6956cd OutputDebugStringW 84638->84639 84640 6fe960 ~ctype 14 API calls 84639->84640 84640->84620 84642 694f98 84641->84642 84643 695099 84641->84643 84642->84643 84644 694fae GetCurrentDirectoryW 84642->84644 84645 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84643->84645 84646 69500b GetLastError 84644->84646 84647 694fc5 84644->84647 84648 695109 84645->84648 84652 694fec 84646->84652 84649 694fd6 GetCurrentDirectoryW 84647->84649 84648->84600 84651 694ff2 GetLastError 84649->84651 84649->84652 84650 70594f _Yarn 15 API calls 84653 695045 84650->84653 84651->84652 84652->84643 84652->84650 84653->84643 84654 694cc0 54 API calls 84653->84654 84655 695064 _Getvals 84654->84655 84655->84643 84656 696ae0 5 API calls 84655->84656 84656->84643 84658 694e73 84657->84658 84660 694e7c 84657->84660 84659 694dc0 3 API calls 84658->84659 84659->84660 84660->84607 84662 694d2d 84661->84662 84663 694cce swprintf 84661->84663 84662->84634 84663->84662 84681 701faa 84663->84681 84667 696afc 84666->84667 84668 696bb2 84666->84668 84671 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84667->84671 84669 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84668->84669 84670 696bc0 84669->84670 84670->84609 84672 696bac 84671->84672 84672->84609 84674 694e49 84673->84674 84678 694dce 84673->84678 84674->84620 84674->84630 84675 694dec GetModuleFileNameW 84676 694e23 84675->84676 84677 694e02 GetLastError 84675->84677 84679 694e2f GetLastError 84676->84679 84680 694e28 84676->84680 84677->84676 84677->84678 84678->84675 84679->84680 84680->84674 84684 6ff2ec 84681->84684 84685 6ff32c 84684->84685 84686 6ff314 84684->84686 84685->84686 84688 6ff334 84685->84688 84687 6fd73d __dosmaperr 14 API calls 84686->84687 84695 6ff319 __cftoe 84687->84695 84697 6fe6db 48 API calls 2 library calls 84688->84697 84690 6ff344 swprintf 84698 7001c8 54 API calls 4 library calls 84690->84698 84691 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84692 694cf9 84691->84692 84692->84634 84695->84691 84696 6ff3cb 84699 6ffafc 14 API calls _free 84696->84699 84697->84690 84698->84696 84699->84695 84700 6f8aa2 84701 6f8aae CallCatchBlock 84700->84701 84728 6f83f9 84701->84728 84703 6f8ab5 84704 6f8c08 84703->84704 84714 6f8adf ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 84703->84714 84747 6f93f2 4 API calls 2 library calls 84704->84747 84706 6f8c0f 84740 70e9fc 84706->84740 84710 6f8c1d 84711 6f8afe 84712 6f8b80 84736 6f950d GetStartupInfoW _Getvals 84712->84736 84714->84711 84714->84712 84716 6f8b78 84714->84716 84715 6f8b85 84737 6859aa 84715->84737 84743 70c768 54 API calls 4 library calls 84716->84743 84718 6f8b7f 84718->84712 84722 6f8ba1 84722->84706 84723 6f8ba5 84722->84723 84724 6f8bae 84723->84724 84745 70e9b1 23 API calls std::locale::_Setgloballocale 84723->84745 84746 6f856a 79 API calls ___scrt_uninitialize_crt 84724->84746 84727 6f8bb6 84727->84711 84729 6f8402 84728->84729 84749 6f9215 IsProcessorFeaturePresent 84729->84749 84731 6f840e 84750 6fbd89 10 API calls 2 library calls 84731->84750 84733 6f8413 84734 6f8417 84733->84734 84751 6fbda8 7 API calls 2 library calls 84733->84751 84734->84703 84736->84715 84752 684e1f 84737->84752 88646 70e89a 84740->88646 84743->84718 84744 6f9543 GetModuleHandleW 84744->84722 84745->84724 84746->84727 84747->84706 84748 70e9c0 23 API calls std::locale::_Setgloballocale 84748->84710 84749->84731 84750->84733 84751->84734 84995 6ad6d0 GetModuleHandleW 84752->84995 84754 684e6c 84755 684ec6 84754->84755 84756 689bb0 125 API calls 84754->84756 84999 684d63 84755->84999 84758 684e7a 84756->84758 84762 689940 164 API calls 84758->84762 84760 684f39 CoInitializeEx 84765 684f48 84760->84765 84761 684ee0 84763 689bb0 125 API calls 84761->84763 84764 684e8a 84762->84764 84766 684ee5 84763->84766 84767 681b84 79 API calls 84764->84767 84768 684f56 84765->84768 85019 685a4f 84765->85019 84771 689940 164 API calls 84766->84771 84772 684eab 84767->84772 84770 6f8760 27 API calls 84768->84770 84773 684f78 84770->84773 84774 684ef5 84771->84774 85246 681be0 76 API calls 84772->85246 85056 685d57 84773->85056 84776 681b84 79 API calls 84774->84776 84778 684f16 84776->84778 84777 684ebb 85247 68136c 84777->85247 85250 681be0 76 API calls 84778->85250 84782 684f91 84784 684f9b 84782->84784 84785 684ff1 84782->84785 84783 684f26 84786 68136c 163 API calls 84783->84786 84788 689bb0 125 API calls 84784->84788 84787 6f8760 27 API calls 84785->84787 84789 684f31 84786->84789 84790 685004 84787->84790 84791 684fa0 84788->84791 84793 6858ef 84789->84793 84794 6858e3 CloseHandle 84789->84794 85060 685db6 84790->85060 84792 689940 164 API calls 84791->84792 84795 684fb0 84792->84795 84796 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 84793->84796 84794->84793 84799 681b84 79 API calls 84795->84799 84797 68590c 84796->84797 84797->84744 84801 684fd1 84799->84801 84800 685020 84802 68507b _Getvals 84800->84802 84803 68502e 84800->84803 85251 681be0 76 API calls 84801->85251 84809 6f8760 27 API calls 84802->84809 84805 689bb0 125 API calls 84803->84805 84808 685033 84805->84808 84806 684fe1 84807 68136c 163 API calls 84806->84807 84816 684fec 84807->84816 84810 689940 164 API calls 84808->84810 84811 6850c0 84809->84811 84812 685043 84810->84812 84813 6850d6 84811->84813 85253 696bd0 29 API calls 3 library calls 84811->85253 84814 681b84 79 API calls 84812->84814 85064 685e16 84813->85064 84815 68505b 84814->84815 85252 681be0 76 API calls 84815->85252 85245 6859c2 ReleaseMutex 84816->85245 84820 6858ce 84820->84789 84824 6858d4 CoUninitialize 84820->84824 84822 6850e7 84825 6850f2 84822->84825 84829 685143 84822->84829 84823 68506b 84826 68136c 163 API calls 84823->84826 84824->84789 84827 689bb0 125 API calls 84825->84827 84826->84816 84828 6850f7 84827->84828 84830 689940 164 API calls 84828->84830 85070 6b3670 84829->85070 84832 685107 84830->84832 84996 6ad6df GetProcAddress 84995->84996 84997 6ad6fd 84995->84997 84996->84997 84998 6ad6ef 84996->84998 84997->84754 84998->84754 85277 684c8e GetCurrentProcessId 84999->85277 85002 684df0 85002->84760 85002->84761 85003 684d7f CreateMutexW 85004 684d92 85003->85004 85005 684df4 WaitForSingleObject 85003->85005 85007 689bb0 125 API calls 85004->85007 85005->85002 85006 684e06 85005->85006 85006->85002 85008 684e0b CloseHandle 85006->85008 85009 684d97 85007->85009 85008->85002 85010 689940 164 API calls 85009->85010 85011 684da5 85010->85011 85012 681b84 79 API calls 85011->85012 85013 684dc2 85012->85013 85289 681be0 76 API calls 85013->85289 85015 684dd0 GetLastError 85016 686140 75 API calls 85015->85016 85017 684de7 85016->85017 85018 68136c 163 API calls 85017->85018 85018->85002 85020 685a5e __EH_prolog3_GS 85019->85020 85416 685c1e 85020->85416 85023 685a78 85025 689bb0 125 API calls 85023->85025 85024 685b92 _com_issue_error 85026 685a7d 85025->85026 85027 689940 164 API calls 85026->85027 85028 685a8d 85027->85028 85030 681b84 79 API calls 85028->85030 85029 685acc 85029->85024 85031 685b38 85029->85031 85032 685af5 85029->85032 85033 685aa9 85030->85033 85034 689bb0 125 API calls 85031->85034 85035 689bb0 125 API calls 85032->85035 85423 681be0 76 API calls 85033->85423 85037 685b3d 85034->85037 85038 685afa 85035->85038 85040 689940 164 API calls 85037->85040 85041 689940 164 API calls 85038->85041 85039 685ab9 85424 686300 75 API calls 85039->85424 85044 685b4d 85040->85044 85045 685b0a 85041->85045 85043 685ac7 85049 68136c 163 API calls 85043->85049 85046 681b84 79 API calls 85044->85046 85047 681b84 79 API calls 85045->85047 85048 685b69 85046->85048 85050 685b26 85047->85050 85426 681be0 76 API calls 85048->85426 85052 685b84 85049->85052 85425 681be0 76 API calls 85050->85425 85427 6f8def 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 85052->85427 85057 685d63 __EH_prolog3 85056->85057 85058 6f8713 std::_Facet_Register 27 API calls 85057->85058 85059 685d7c ctype collate 85058->85059 85059->84782 85061 685dc2 __EH_prolog3 85060->85061 85062 6f8713 std::_Facet_Register 27 API calls 85061->85062 85063 685ddb ctype 85062->85063 85063->84800 85065 685e22 __EH_prolog3 85064->85065 85066 6f8713 std::_Facet_Register 27 API calls 85065->85066 85067 685e3b 85066->85067 85428 685eee 85067->85428 85069 685e6c ctype 85069->84822 85071 6b36ae 85070->85071 85102 6b3977 85071->85102 85433 696d24 85071->85433 85079 6b39df 85102->85079 85607 6b8650 85102->85607 85245->84820 85246->84777 85248 68b8a0 163 API calls 85247->85248 85249 68139a std::ios_base::_Ios_base_dtor 85248->85249 85249->84755 85250->84783 85251->84806 85252->84823 85253->84813 85278 684cb0 CreateToolhelp32Snapshot 85277->85278 85279 684cc5 Process32FirstW 85278->85279 85280 684cdd 85278->85280 85279->85280 85280->85278 85281 684ce3 Process32NextW 85280->85281 85284 684cf9 CloseHandle 85280->85284 85287 683899 5 API calls 85280->85287 85288 684d44 85280->85288 85290 694590 85280->85290 85301 702041 85280->85301 85281->85280 85283 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85285 684d58 85283->85285 85284->85280 85285->85002 85285->85003 85287->85280 85288->85283 85289->85015 85309 694760 85290->85309 85293 694650 collate 85294 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85293->85294 85295 69468c 85294->85295 85295->85280 85296 694693 85297 6fd60f 11 API calls 85296->85297 85298 694698 85297->85298 85299 6946b3 85298->85299 85300 6946ac CloseHandle 85298->85300 85299->85280 85300->85299 85302 70204f 85301->85302 85307 702072 85301->85307 85304 702055 85302->85304 85302->85307 85306 6fd73d __dosmaperr 14 API calls 85304->85306 85305 702088 85305->85280 85308 70205a __cftoe 85306->85308 85415 70208d 49 API calls 2 library calls 85307->85415 85308->85280 85320 694200 OpenProcess 85309->85320 85311 6947a8 85314 6947b2 85311->85314 85392 68daa0 29 API calls 3 library calls 85311->85392 85313 6947e2 collate 85315 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85313->85315 85314->85313 85316 694935 85314->85316 85317 694604 85315->85317 85318 6fd60f 11 API calls 85316->85318 85317->85293 85317->85296 85319 69493a 85318->85319 85321 694267 85320->85321 85329 694310 85320->85329 85322 689bb0 125 API calls 85321->85322 85323 69426c 85322->85323 85325 689940 164 API calls 85323->85325 85327 69427c 85325->85327 85326 694351 QueryFullProcessImageNameW 85328 694375 GetLastError 85326->85328 85326->85329 85331 681b84 79 API calls 85327->85331 85328->85329 85332 694387 85328->85332 85330 69447f 85329->85330 85393 6946c0 85329->85393 85333 689bb0 125 API calls 85330->85333 85334 694298 85331->85334 85335 689bb0 125 API calls 85332->85335 85337 694484 85333->85337 85409 681cc0 76 API calls 85334->85409 85336 69438c 85335->85336 85339 689940 164 API calls 85336->85339 85340 689940 164 API calls 85337->85340 85342 69439c 85339->85342 85343 694494 85340->85343 85341 6942a3 85344 686140 75 API calls 85341->85344 85346 681b84 79 API calls 85342->85346 85347 681b84 79 API calls 85343->85347 85345 6942b1 85344->85345 85348 694940 76 API calls 85345->85348 85349 6943b8 85346->85349 85350 6944b0 85347->85350 85352 6942bc GetLastError 85348->85352 85399 6949d0 85349->85399 85410 681be0 76 API calls 85350->85410 85355 686140 75 API calls 85352->85355 85354 6944c0 85357 686140 75 API calls 85354->85357 85358 6942d3 85355->85358 85356 6943c3 85359 686140 75 API calls 85356->85359 85360 6944ce 85357->85360 85361 68b8a0 163 API calls 85358->85361 85362 6943d1 85359->85362 85411 694a60 76 API calls 85360->85411 85364 6942de std::ios_base::_Ios_base_dtor 85361->85364 85404 694940 85362->85404 85374 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85364->85374 85366 6944d9 85368 684190 5 API calls 85366->85368 85367 6943dc 85369 686140 75 API calls 85367->85369 85370 6944f5 85368->85370 85371 6943ea 85369->85371 85372 68b8a0 163 API calls 85370->85372 85373 68b8a0 163 API calls 85371->85373 85377 694462 std::ios_base::_Ios_base_dtor collate 85372->85377 85376 6943f5 std::ios_base::_Ios_base_dtor 85373->85376 85375 69457a 85374->85375 85375->85311 85376->85377 85379 694581 85376->85379 85377->85364 85378 69455a CloseHandle 85377->85378 85378->85364 85380 6fd60f 11 API calls 85379->85380 85381 694586 85380->85381 85382 694760 203 API calls 85381->85382 85383 694604 85382->85383 85386 694693 85383->85386 85387 694650 collate 85383->85387 85384 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85385 69468c 85384->85385 85385->85311 85388 6fd60f 11 API calls 85386->85388 85387->85384 85389 694698 85388->85389 85390 6946b3 85389->85390 85391 6946ac CloseHandle 85389->85391 85390->85311 85391->85390 85392->85314 85394 6946e9 85393->85394 85395 6946d3 85393->85395 85396 6946fa 85394->85396 85412 688eb0 28 API calls 3 library calls 85394->85412 85395->85326 85396->85326 85398 69474a 85398->85326 85400 694a0c 85399->85400 85401 694a3e 85399->85401 85413 6820a0 76 API calls 4 library calls 85400->85413 85401->85356 85403 694a1e 85403->85356 85405 69497c 85404->85405 85406 6949ae 85404->85406 85414 6820a0 76 API calls 4 library calls 85405->85414 85406->85367 85408 69498e 85408->85367 85409->85341 85410->85354 85411->85366 85412->85398 85413->85403 85414->85408 85415->85305 85417 685c64 CoCreateInstance 85416->85417 85418 685c54 85416->85418 85419 685c86 OleRun 85417->85419 85422 685c95 85417->85422 85418->85417 85419->85422 85420 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 85421 685a71 85420->85421 85421->85023 85421->85029 85422->85420 85423->85039 85424->85043 85425->85039 85426->85043 85429 685ef5 85428->85429 85431 685efc collate 85428->85431 85432 685f8a 5 API calls 2 library calls 85429->85432 85431->85069 85434 696d30 85433->85434 85441 696ec8 std::ios_base::_Ios_base_dtor __Mtx_unlock 85433->85441 88647 70e8a8 88646->88647 88648 70e8ba 88646->88648 88674 6f9543 GetModuleHandleW 88647->88674 88658 70e741 88648->88658 88651 70e8ad 88651->88648 88675 70e940 GetModuleHandleExW 88651->88675 88653 6f8c15 88653->84748 88659 70e74d CallCatchBlock 88658->88659 88681 70cd41 EnterCriticalSection 88659->88681 88661 70e757 88682 70e7ad 88661->88682 88663 70e764 88686 70e782 88663->88686 88666 70e8fe 88707 717cf2 GetPEB 88666->88707 88669 70e92d 88671 70e940 std::locale::_Setgloballocale 3 API calls 88669->88671 88670 70e90d GetPEB 88670->88669 88672 70e91d GetCurrentProcess TerminateProcess 88670->88672 88673 70e935 ExitProcess 88671->88673 88672->88669 88674->88651 88676 70e982 88675->88676 88677 70e95f GetProcAddress 88675->88677 88679 70e8b9 88676->88679 88680 70e988 FreeLibrary 88676->88680 88678 70e974 88677->88678 88678->88676 88679->88648 88680->88679 88681->88661 88683 70e7b9 CallCatchBlock 88682->88683 88684 70e81a std::locale::_Setgloballocale 88683->88684 88689 70f40b 88683->88689 88684->88663 88706 70cd91 LeaveCriticalSection 88686->88706 88688 70e770 88688->88653 88688->88666 88692 70f13c 88689->88692 88693 70f148 CallCatchBlock 88692->88693 88700 70cd41 EnterCriticalSection 88693->88700 88695 70f156 88701 70f31b 88695->88701 88699 70f174 88699->88684 88700->88695 88702 70f163 88701->88702 88703 70f33a 88701->88703 88705 70f18b LeaveCriticalSection std::_Lockit::~_Lockit 88702->88705 88703->88702 88704 712098 _free 14 API calls 88703->88704 88704->88702 88705->88699 88706->88688 88708 70e908 88707->88708 88709 717d0c 88707->88709 88708->88669 88708->88670 88711 7142b4 5 API calls _unexpected 88709->88711 88711->88708 88712 6a5318 88713 6f88fa 6 API calls 88712->88713 88714 6a5322 88713->88714 88715 6f8713 std::_Facet_Register 27 API calls 88714->88715 88812 6a571a 88714->88812 88717 6a535e 88715->88717 88829 6a4a40 88717->88829 88718 6a575a GetModuleHandleW 88723 6a5816 88718->88723 88720 6a53a7 88722 6a4a40 33 API calls 88720->88722 88724 6a53ba 88722->88724 88726 6a6440 27 API calls 88723->88726 88725 6a4a40 33 API calls 88724->88725 88728 6a53cb 88725->88728 88727 6a5885 88726->88727 88846 6a65c0 88727->88846 88851 6a61f0 29 API calls 3 library calls 88728->88851 88731 6a588c 88734 6a6440 27 API calls 88731->88734 88732 6a53e9 88733 6a4a40 33 API calls 88732->88733 88735 6a5486 88733->88735 88742 6a595c 88734->88742 88736 6a4a40 33 API calls 88735->88736 88737 6a5499 88736->88737 88738 6a4a40 33 API calls 88737->88738 88739 6a54aa 88738->88739 88852 6a61f0 29 API calls 3 library calls 88739->88852 88741 6a54c8 88743 6a4a40 33 API calls 88741->88743 88744 6a6440 27 API calls 88742->88744 88745 6a5565 88743->88745 88752 6a5ae8 88744->88752 88746 6a4a40 33 API calls 88745->88746 88747 6a5578 88746->88747 88748 6a4a40 33 API calls 88747->88748 88749 6a5589 88748->88749 88853 6a61f0 29 API calls 3 library calls 88749->88853 88751 6a55a7 88756 6a4a40 33 API calls 88751->88756 88779 6a5b83 std::ios_base::_Ios_base_dtor collate 88752->88779 88857 6811f3 29 API calls 2 library calls 88752->88857 88754 6a5bdb 88757 6a5be6 88754->88757 88765 6a5cfc collate 88754->88765 88755 6a6440 27 API calls 88763 6a5cc5 88755->88763 88758 6a564e 88756->88758 88759 689bb0 125 API calls 88757->88759 88760 6a4a40 33 API calls 88758->88760 88762 6a5beb 88759->88762 88764 6a5661 88760->88764 88761 6a6440 27 API calls 88766 6a5d62 88761->88766 88767 689940 164 API calls 88762->88767 88769 6a5e30 88763->88769 88770 6a5de7 88763->88770 88785 6a5cd3 codecvt 88763->88785 88771 6a4a40 33 API calls 88764->88771 88765->88761 88766->88779 88859 69aad0 28 API calls 3 library calls 88766->88859 88768 6a5bfb 88767->88768 88773 681b84 79 API calls 88768->88773 88777 6f8713 std::_Facet_Register 27 API calls 88769->88777 88769->88785 88774 6a5df2 88770->88774 88775 6a6085 Concurrency::cancel_current_task 88770->88775 88776 6a5672 88771->88776 88778 6a5c17 88773->88778 88781 6f8713 std::_Facet_Register 27 API calls 88774->88781 88780 6a608a 88775->88780 88854 6a61f0 29 API calls 3 library calls 88776->88854 88777->88785 88858 681be0 76 API calls 88778->88858 88779->88755 88784 6fd60f 11 API calls 88780->88784 88781->88785 88788 6a608f 88784->88788 88785->88780 88791 6a5ebc collate 88785->88791 88786 6a5690 88794 6f8713 std::_Facet_Register 27 API calls 88786->88794 88787 6a5c27 88789 68b8a0 163 API calls 88787->88789 88790 6fd60f 11 API calls 88788->88790 88789->88779 88804 6a6094 collate 88790->88804 88793 6a6440 27 API calls 88791->88793 88809 6a5f73 collate 88791->88809 88792 6a5f82 GetModuleHandleW 88796 6a5fc1 88792->88796 88797 6a5f95 GetProcAddress 88792->88797 88798 6a5f2f 88793->88798 88795 6a56d2 88794->88795 88855 6f85bf 17 API calls 88795->88855 88806 6a6440 27 API calls 88796->88806 88797->88796 88802 6a5fa7 GetCurrentProcess 88797->88802 88799 6a5f45 88798->88799 88860 69aad0 28 API calls 3 library calls 88798->88860 88799->88788 88799->88792 88799->88809 88802->88796 88821 6a6166 collate 88804->88821 88865 6a67b0 12 API calls collate 88804->88865 88805 6a5710 88856 6f88b0 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 88805->88856 88810 6a6022 88806->88810 88807 6a60f4 88816 6a610e SysFreeString 88807->88816 88820 6a611b collate 88807->88820 88809->88792 88861 6836db 27 API calls collate 88810->88861 88811 6fd60f 11 API calls 88814 6a61d9 88811->88814 88836 6a6440 88812->88836 88815 6a602a 88862 68372a 5 API calls collate 88815->88862 88816->88820 88817 6a61b4 collate 88818 6a6159 SysFreeString 88818->88821 88820->88818 88820->88821 88821->88811 88821->88817 88822 6a6032 88863 68372a 5 API calls collate 88822->88863 88824 6a603a 88864 68372a 5 API calls collate 88824->88864 88826 6a6042 88827 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 88826->88827 88828 6a6059 88827->88828 88830 6f8713 std::_Facet_Register 27 API calls 88829->88830 88831 6a4a6e 88830->88831 88833 6a4aa5 _com_issue_error 88831->88833 88866 6f9900 88831->88866 88834 6a4ab8 collate 88833->88834 88835 6a4afc SysFreeString 88833->88835 88834->88720 88835->88834 88845 6a6496 88836->88845 88837 6a65af 88888 689b40 27 API calls collate 88837->88888 88838 6a64fd 88840 6f8713 std::_Facet_Register 27 API calls 88838->88840 88842 6a6515 88840->88842 88841 6a65b4 88887 6a6bb0 11 API calls collate 88842->88887 88844 6a64e8 88844->88718 88845->88837 88845->88838 88845->88844 88847 6a65cc 88846->88847 88848 6a65ef collate 88846->88848 88847->88848 88849 6fd60f 11 API calls 88847->88849 88848->88731 88850 6a6639 88849->88850 88851->88732 88852->88741 88853->88751 88854->88786 88855->88805 88856->88812 88857->88754 88858->88787 88859->88779 88860->88799 88861->88815 88862->88822 88863->88824 88864->88826 88865->88807 88868 6f9960 88866->88868 88886 6f993d 88866->88886 88867 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 88869 6f995a 88867->88869 88870 6f997f MultiByteToWideChar 88868->88870 88871 6f9a33 _com_issue_error 88868->88871 88869->88833 88872 6f999c 88870->88872 88873 6f9a47 GetLastError 88870->88873 88871->88873 88874 70594f _Yarn 15 API calls 88872->88874 88875 6f99ae __Strxfrm 88872->88875 88876 6f9a51 _com_issue_error 88873->88876 88874->88875 88875->88871 88878 6f99fa MultiByteToWideChar 88875->88878 88877 6f9a70 GetLastError 88876->88877 88879 6fe960 ~ctype 14 API calls 88876->88879 88884 6f9a7a _com_issue_error 88877->88884 88878->88876 88880 6f9a0e SysAllocString 88878->88880 88881 6f9a6d 88879->88881 88882 6f9a1f 88880->88882 88883 6f9a25 88880->88883 88881->88877 88885 6fe960 ~ctype 14 API calls 88882->88885 88883->88871 88883->88886 88884->88833 88885->88883 88886->88867 88887->88844 88888->88841 88892 6d4cfa 88893 6d4c79 88892->88893 88893->88892 88894 6e293c ___delayLoadHelper2@8 16 API calls 88893->88894 88894->88893 88895 6aea50 88898 6aed10 88895->88898 88896 6aea63 88899 6aed1a 88898->88899 88900 6aed39 88898->88900 88899->88900 88901 6aed22 RegSetValueExW 88899->88901 88900->88896 88901->88896 88908 6aecd0 88909 6aecde 88908->88909 88910 6aece7 lstrlenW 88908->88910 88912 6aed10 RegSetValueExW 88910->88912 88911 6aed07 88912->88911 88913 6adf10 RegCreateKeyExW 88914 6adf52 88913->88914 88915 6ae590 88916 6ae59a 88915->88916 88917 6ae5a5 88915->88917 88920 6ae8c0 RegQueryValueExW 88917->88920 88918 6ae5bf 88920->88918 88924 71732a 88929 7170bf 88924->88929 88926 717340 88927 717369 88926->88927 88939 720408 88926->88939 88932 7170ed 88929->88932 88930 6fd73d __dosmaperr 14 API calls 88931 717248 __cftoe 88930->88931 88931->88926 88933 702041 49 API calls 88932->88933 88937 71723d 88932->88937 88934 7172a5 88933->88934 88935 702041 49 API calls 88934->88935 88934->88937 88936 7172c3 88935->88936 88936->88937 88938 702041 49 API calls 88936->88938 88937->88930 88937->88931 88938->88937 88942 71fb11 88939->88942 88941 720423 88941->88927 88943 71fb1d CallCatchBlock 88942->88943 88944 71fb24 88943->88944 88946 71fb4f 88943->88946 88945 6fd73d __dosmaperr 14 API calls 88944->88945 88950 71fb29 __cftoe 88945->88950 88951 7200de 88946->88951 88950->88941 88952 7200fb 88951->88952 88953 720110 88952->88953 88954 720129 88952->88954 89012 6fd72a 14 API calls __dosmaperr 88953->89012 88998 71adb9 88954->88998 88958 720115 88963 6fd73d __dosmaperr 14 API calls 88958->88963 88959 720137 89013 6fd72a 14 API calls __dosmaperr 88959->89013 88960 72014e 89011 71fe25 CreateFileW 88960->89011 88988 71fb73 88963->88988 88964 72013c 88965 6fd73d __dosmaperr 14 API calls 88964->88965 88965->88958 88966 720204 GetFileType 88967 720256 88966->88967 88968 72020f GetLastError 88966->88968 89017 71ad04 15 API calls 2 library calls 88967->89017 89016 6fd707 14 API calls __dosmaperr 88968->89016 88969 7201d9 GetLastError 89015 6fd707 14 API calls __dosmaperr 88969->89015 88971 720187 88971->88966 88971->88969 89014 71fe25 CreateFileW 88971->89014 88973 72021d CloseHandle 88973->88958 88975 720246 88973->88975 88978 6fd73d __dosmaperr 14 API calls 88975->88978 88977 7201cc 88977->88966 88977->88969 88980 72024b 88978->88980 88979 720277 88981 7202c3 88979->88981 89018 720034 70 API calls 2 library calls 88979->89018 88980->88958 88985 7202ca 88981->88985 89019 71fbd2 71 API calls 3 library calls 88981->89019 88984 7202f8 88984->88985 88986 720306 88984->88986 88987 716b6c __wsopen_s 17 API calls 88985->88987 88986->88988 88989 720382 CloseHandle 88986->88989 88987->88988 88997 71fba6 LeaveCriticalSection __wsopen_s 88988->88997 89020 71fe25 CreateFileW 88989->89020 88991 7203ad 88992 7203b7 GetLastError 88991->88992 88993 7203e3 88991->88993 89021 6fd707 14 API calls __dosmaperr 88992->89021 88993->88988 88995 7203c3 89022 71aecc 15 API calls 2 library calls 88995->89022 88997->88950 88999 71adc5 CallCatchBlock 88998->88999 89023 70cd41 EnterCriticalSection 88999->89023 89001 71adcc 89002 71adf1 89001->89002 89007 71ae60 EnterCriticalSection 89001->89007 89009 71ae13 89001->89009 89027 71ab93 15 API calls 3 library calls 89002->89027 89006 71adf6 89006->89009 89028 71ace1 EnterCriticalSection 89006->89028 89008 71ae6d LeaveCriticalSection 89007->89008 89007->89009 89008->89001 89024 71aec3 89009->89024 89011->88971 89012->88958 89013->88964 89014->88977 89015->88958 89016->88973 89017->88979 89018->88981 89019->88984 89020->88991 89021->88995 89022->88993 89023->89001 89029 70cd91 LeaveCriticalSection 89024->89029 89026 71ae33 89026->88959 89026->88960 89027->89006 89028->89009 89029->89026 89030 6d4d93 89031 6d4d14 89030->89031 89032 6e293c ___delayLoadHelper2@8 16 API calls 89031->89032 89032->89031 89033 697156 89034 6f8713 std::_Facet_Register 27 API calls 89033->89034 89035 69715c codecvt 89034->89035 89036 6971bf 89035->89036 89045 69722a 89035->89045 89037 689bb0 125 API calls 89036->89037 89038 6971c4 89037->89038 89039 689940 164 API calls 89038->89039 89041 6971d4 89039->89041 89040 697df1 89292 6834d0 21 API calls collate 89040->89292 89042 681b84 79 API calls 89041->89042 89044 6971f0 89042->89044 89047 689ab0 76 API calls 89044->89047 89045->89040 89048 6972db 89045->89048 89049 6972b4 89045->89049 89061 69725f codecvt 89045->89061 89051 697200 89047->89051 89056 6f8713 std::_Facet_Register 27 API calls 89048->89056 89048->89061 89052 697dfc Concurrency::cancel_current_task 89049->89052 89055 6f8713 std::_Facet_Register 27 API calls 89049->89055 89053 681c50 76 API calls 89051->89053 89057 697e01 89052->89057 89059 69720e 89053->89059 89054 697348 89060 689bb0 125 API calls 89054->89060 89055->89061 89056->89061 89058 6fd60f 11 API calls 89057->89058 89062 697e06 89058->89062 89277 698f20 76 API calls 89059->89277 89064 69734d 89060->89064 89061->89054 89061->89057 89074 6973b3 89061->89074 89067 689bb0 125 API calls 89062->89067 89066 689940 164 API calls 89064->89066 89065 697219 89068 68b8a0 163 API calls 89065->89068 89069 69735d 89066->89069 89070 697e5c 89067->89070 89151 697221 std::ios_base::_Ios_base_dtor __Mtx_unlock collate 89068->89151 89071 681b84 79 API calls 89069->89071 89072 689940 164 API calls 89070->89072 89073 697379 89071->89073 89075 697e6c 89072->89075 89278 681be0 76 API calls 89073->89278 89074->89040 89077 69746a 89074->89077 89078 697443 89074->89078 89087 6973ee codecvt 89074->89087 89079 681b84 79 API calls 89075->89079 89082 6f8713 std::_Facet_Register 27 API calls 89077->89082 89077->89087 89078->89052 89081 6f8713 std::_Facet_Register 27 API calls 89078->89081 89083 697e88 89079->89083 89080 697389 89084 681c50 76 API calls 89080->89084 89081->89087 89082->89087 89293 681be0 76 API calls 89083->89293 89089 697397 89084->89089 89085 6974d7 89086 689bb0 125 API calls 89085->89086 89091 6974dc 89086->89091 89087->89057 89087->89085 89103 697542 89087->89103 89279 698f20 76 API calls 89089->89279 89094 689940 164 API calls 89091->89094 89092 697e98 89096 68b8a0 163 API calls 89092->89096 89093 6973a2 89097 68b8a0 163 API calls 89093->89097 89098 6974ec 89094->89098 89095 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 89099 697dea 89095->89099 89109 697ea3 std::ios_base::_Ios_base_dtor 89096->89109 89097->89151 89100 681b84 79 API calls 89098->89100 89102 697508 89100->89102 89101 697d49 89220 6a4b40 89101->89220 89280 681be0 76 API calls 89102->89280 89103->89040 89105 6976d8 89103->89105 89113 6975ff 89103->89113 89114 6975d6 89103->89114 89135 69757f codecvt 89103->89135 89105->89040 89111 69786e 89105->89111 89116 69776c 89105->89116 89117 697795 89105->89117 89139 697715 codecvt 89105->89139 89107 697d63 89219 69e380 224 API calls 89107->89219 89108 697b9d 89108->89040 89108->89101 89115 697c00 89108->89115 89164 697bde codecvt 89108->89164 89112 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 89109->89112 89110 697518 89118 681c50 76 API calls 89110->89118 89111->89040 89120 697a07 89111->89120 89124 69792e 89111->89124 89125 697905 89111->89125 89152 6978ae codecvt 89111->89152 89119 6985c6 89112->89119 89121 6f8713 std::_Facet_Register 27 API calls 89113->89121 89113->89135 89114->89052 89126 6f8713 std::_Facet_Register 27 API calls 89114->89126 89137 697c5c 89115->89137 89138 697c35 89115->89138 89116->89052 89127 6f8713 std::_Facet_Register 27 API calls 89116->89127 89130 6f8713 std::_Facet_Register 27 API calls 89117->89130 89117->89139 89122 697526 89118->89122 89120->89040 89120->89108 89133 697a9b 89120->89133 89134 697ac2 89120->89134 89162 697a44 codecvt 89120->89162 89121->89135 89281 698f20 76 API calls 89122->89281 89123 69766d 89129 689bb0 125 API calls 89123->89129 89144 6f8713 std::_Facet_Register 27 API calls 89124->89144 89124->89152 89125->89052 89142 6f8713 std::_Facet_Register 27 API calls 89125->89142 89126->89135 89127->89139 89141 697672 89129->89141 89130->89139 89132 697803 89143 689bb0 125 API calls 89132->89143 89133->89052 89154 6f8713 std::_Facet_Register 27 API calls 89133->89154 89146 6f8713 std::_Facet_Register 27 API calls 89134->89146 89134->89162 89135->89057 89135->89105 89135->89123 89136 69799c 89145 689bb0 125 API calls 89136->89145 89158 6f8713 std::_Facet_Register 27 API calls 89137->89158 89137->89164 89138->89052 89147 697c40 89138->89147 89139->89057 89139->89111 89139->89132 89140 697531 89149 68b8a0 163 API calls 89140->89149 89150 689940 164 API calls 89141->89150 89142->89152 89153 697808 89143->89153 89144->89152 89155 6979a1 89145->89155 89146->89162 89156 6f8713 std::_Facet_Register 27 API calls 89147->89156 89148 697b32 89157 689bb0 125 API calls 89148->89157 89149->89151 89159 697682 89150->89159 89151->89095 89152->89057 89152->89120 89152->89136 89161 689940 164 API calls 89153->89161 89154->89162 89163 689940 164 API calls 89155->89163 89156->89164 89165 697b37 89157->89165 89158->89164 89166 681b84 79 API calls 89159->89166 89160 697ccc 89167 689bb0 125 API calls 89160->89167 89168 697818 89161->89168 89162->89057 89162->89108 89162->89148 89169 6979b1 89163->89169 89164->89057 89164->89101 89164->89160 89170 689940 164 API calls 89165->89170 89171 69769e 89166->89171 89172 697cd1 89167->89172 89173 681b84 79 API calls 89168->89173 89174 681b84 79 API calls 89169->89174 89175 697b47 89170->89175 89282 681be0 76 API calls 89171->89282 89177 689940 164 API calls 89172->89177 89178 697834 89173->89178 89179 6979cd 89174->89179 89180 681b84 79 API calls 89175->89180 89182 697ce1 89177->89182 89284 681be0 76 API calls 89178->89284 89286 681be0 76 API calls 89179->89286 89185 697b63 89180->89185 89181 6976ae 89186 681c50 76 API calls 89181->89186 89187 681b84 79 API calls 89182->89187 89288 681be0 76 API calls 89185->89288 89191 6976bc 89186->89191 89192 697cfd 89187->89192 89188 697844 89193 681c50 76 API calls 89188->89193 89189 6979dd 89194 681c50 76 API calls 89189->89194 89283 698f20 76 API calls 89191->89283 89290 681be0 76 API calls 89192->89290 89198 697852 89193->89198 89200 6979eb 89194->89200 89195 697b73 89201 681c50 76 API calls 89195->89201 89285 698f20 76 API calls 89198->89285 89287 698f20 76 API calls 89200->89287 89206 697b81 89201->89206 89202 6976c7 89207 68b8a0 163 API calls 89202->89207 89203 697d0d 89208 681c50 76 API calls 89203->89208 89204 69785d 89210 68b8a0 163 API calls 89204->89210 89289 698f20 76 API calls 89206->89289 89207->89151 89209 697d1b 89208->89209 89291 698f20 76 API calls 89209->89291 89210->89151 89211 6979f6 89214 68b8a0 163 API calls 89211->89214 89214->89151 89215 697b8c 89217 68b8a0 163 API calls 89215->89217 89216 697d26 89218 68b8a0 163 API calls 89216->89218 89217->89151 89218->89151 89294 6a52d0 89220->89294 89222 6a4b83 89223 6f8713 std::_Facet_Register 27 API calls 89222->89223 89224 6a4c08 89223->89224 89370 6a6340 89224->89370 89226 6a4eba 89227 6a1b40 29 API calls 89226->89227 89236 6a4ec9 collate 89227->89236 89229 6a6360 27 API calls 89230 6a4d1a 89229->89230 89230->89226 89230->89229 89248 6f8713 std::_Facet_Register 27 API calls 89230->89248 89251 70594f _Yarn 15 API calls 89230->89251 89374 6a6640 27 API calls 3 library calls 89230->89374 89232 6a4c8a 89232->89230 89373 6a6c80 29 API calls std::_Facet_Register 89232->89373 89234 6a500e codecvt 89249 6fe960 ~ctype 14 API calls 89234->89249 89235 6a4fc2 89235->89234 89237 6a517d 89235->89237 89242 6a502e 89235->89242 89238 6a5187 89236->89238 89244 6a4f98 89236->89244 89375 6877a9 5 API calls collate 89236->89375 89377 6834d0 21 API calls collate 89237->89377 89241 6fd60f 11 API calls 89238->89241 89245 6a518c 89241->89245 89246 6a508b 89242->89246 89247 6a5062 89242->89247 89243 6a5182 Concurrency::cancel_current_task 89243->89238 89244->89235 89376 6a2f20 29 API calls 3 library calls 89244->89376 89254 689bb0 125 API calls 89245->89254 89246->89234 89253 6f8713 std::_Facet_Register 27 API calls 89246->89253 89247->89243 89250 6a506d 89247->89250 89248->89230 89263 6a50d8 collate 89249->89263 89252 6f8713 std::_Facet_Register 27 API calls 89250->89252 89251->89230 89255 6a5073 89252->89255 89253->89234 89256 6a51cb 89254->89256 89255->89234 89255->89238 89257 689940 164 API calls 89256->89257 89258 6a51db 89257->89258 89260 681b84 79 API calls 89258->89260 89259 6fe960 ~ctype 14 API calls 89262 6a513b collate 89259->89262 89264 6a51f7 89260->89264 89261 6a510c collate 89261->89259 89268 6fe960 ~ctype 14 API calls 89262->89268 89263->89261 89265 6fe960 ~ctype 14 API calls 89263->89265 89378 681be0 76 API calls 89264->89378 89265->89263 89267 6a5207 89269 68b8a0 163 API calls 89267->89269 89270 6a514d collate 89268->89270 89274 6a520f std::ios_base::_Ios_base_dtor collate 89269->89274 89271 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 89270->89271 89272 6a5177 89271->89272 89272->89107 89273 6a52a8 collate 89273->89107 89274->89273 89275 6fd60f 11 API calls 89274->89275 89277->89065 89278->89080 89279->89093 89280->89110 89281->89140 89282->89181 89283->89202 89284->89188 89285->89204 89286->89189 89287->89211 89288->89195 89289->89215 89290->89203 89291->89216 89293->89092 89295 6a571d 89294->89295 89296 6a6440 27 API calls 89295->89296 89297 6a575a GetModuleHandleW 89296->89297 89299 6a5816 89297->89299 89300 6a6440 27 API calls 89299->89300 89301 6a5885 89300->89301 89302 6a65c0 11 API calls 89301->89302 89303 6a588c 89302->89303 89304 6a6440 27 API calls 89303->89304 89305 6a595c 89304->89305 89306 6a6440 27 API calls 89305->89306 89307 6a5ae8 89306->89307 89328 6a5b83 std::ios_base::_Ios_base_dtor collate 89307->89328 89379 6811f3 29 API calls 2 library calls 89307->89379 89309 6a5bdb 89311 6a5be6 89309->89311 89316 6a5cfc collate 89309->89316 89310 6a6440 27 API calls 89315 6a5cc5 89310->89315 89312 689bb0 125 API calls 89311->89312 89314 6a5beb 89312->89314 89313 6a6440 27 API calls 89317 6a5d62 89313->89317 89318 689940 164 API calls 89314->89318 89320 6a5e30 89315->89320 89321 6a5de7 89315->89321 89333 6a5cd3 codecvt 89315->89333 89316->89313 89317->89328 89381 69aad0 28 API calls 3 library calls 89317->89381 89319 6a5bfb 89318->89319 89323 681b84 79 API calls 89319->89323 89326 6f8713 std::_Facet_Register 27 API calls 89320->89326 89320->89333 89324 6a5df2 89321->89324 89325 6a6085 Concurrency::cancel_current_task 89321->89325 89327 6a5c17 89323->89327 89330 6f8713 std::_Facet_Register 27 API calls 89324->89330 89329 6a608a 89325->89329 89326->89333 89380 681be0 76 API calls 89327->89380 89328->89310 89332 6fd60f 11 API calls 89329->89332 89330->89333 89335 6a608f 89332->89335 89333->89329 89338 6a5ebc collate 89333->89338 89334 6a5c27 89336 68b8a0 163 API calls 89334->89336 89337 6fd60f 11 API calls 89335->89337 89336->89328 89348 6a6094 collate 89337->89348 89340 6a6440 27 API calls 89338->89340 89351 6a5f73 collate 89338->89351 89339 6a5f82 GetModuleHandleW 89341 6a5fc1 89339->89341 89342 6a5f95 GetProcAddress 89339->89342 89343 6a5f2f 89340->89343 89349 6a6440 27 API calls 89341->89349 89342->89341 89346 6a5fa7 GetCurrentProcess 89342->89346 89344 6a5f45 89343->89344 89382 69aad0 28 API calls 3 library calls 89343->89382 89344->89335 89344->89339 89344->89351 89346->89341 89355 6a6166 collate 89348->89355 89387 6a67b0 12 API calls collate 89348->89387 89352 6a6022 89349->89352 89350 6a60f4 89354 6a611b collate 89350->89354 89359 6a610e SysFreeString 89350->89359 89351->89339 89383 6836db 27 API calls collate 89352->89383 89353 6fd60f 11 API calls 89357 6a61d9 89353->89357 89354->89355 89361 6a6159 SysFreeString 89354->89361 89355->89353 89360 6a61b4 collate 89355->89360 89358 6a602a 89384 68372a 5 API calls collate 89358->89384 89359->89354 89360->89222 89361->89355 89363 6a6032 89385 68372a 5 API calls collate 89363->89385 89365 6a603a 89386 68372a 5 API calls collate 89365->89386 89367 6a6042 89368 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 89367->89368 89369 6a6059 89368->89369 89369->89222 89371 6f8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 89370->89371 89372 6a6355 89371->89372 89372->89232 89373->89232 89374->89230 89375->89236 89376->89235 89378->89267 89379->89309 89380->89334 89381->89328 89382->89344 89383->89358 89384->89363 89385->89365 89386->89367 89387->89350

                                                                                                                                                                            Executed Functions

                                                                                                                                                                            Function 006B3AC0 Relevance: 75.4, APIs: 3, Strings: 39, Instructions: 1934COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 006B3CE8
                                                                                                                                                                              • Part of subcall function 006E3084: __EH_prolog3.LIBCMT ref: 006E308B
                                                                                                                                                                              • Part of subcall function 006E3084: std::_Lockit::_Lockit.LIBCPMT ref: 006E3096
                                                                                                                                                                              • Part of subcall function 006E3084: std::locale::_Setgloballocale.LIBCPMT ref: 006E30B1
                                                                                                                                                                              • Part of subcall function 006E3084: std::_Lockit::~_Lockit.LIBCPMT ref: 006E3107
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 006B4934
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006B4CD5
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                            • String ID: $+t$$+t$2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown$*t$*t$+t
                                                                                                                                                                            • API String ID: 3544396713-637269230
                                                                                                                                                                            • Opcode ID: 805c8a1c4d13d5ac00a20e4e8c74aa558ef33cbaed0b85ed687579fe5c0b2714
                                                                                                                                                                            • Instruction ID: 8af04700635dbbeff94bcb37f27e74178562ece719ca0a300b0881e30030ca35
                                                                                                                                                                            • Opcode Fuzzy Hash: 805c8a1c4d13d5ac00a20e4e8c74aa558ef33cbaed0b85ed687579fe5c0b2714
                                                                                                                                                                            • Instruction Fuzzy Hash: C7138BB1D012289BDB20DF54CC59BEDB7B6AF05304F1482D9E409AB292DB74AEC5CF94
                                                                                                                                                                            Function 0069F110 Relevance: 75.3, APIs: 21, Strings: 21, Instructions: 1782COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F268
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F307
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F37E
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F8B0
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069FBBD
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069FDB6
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A00BA
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A015F
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 006A05D7
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A0614
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 006A086A
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A08A7
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 006A0A90
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A0ACD
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                            • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`ato$`u$`u$`u$`u
                                                                                                                                                                            • API String ID: 1658547907-3901333925
                                                                                                                                                                            • Opcode ID: f80c7f2ab9bff1ff4de68eefdd3ce6ccb4e6c49bd8b75b0cc8deaa1bb1876f2f
                                                                                                                                                                            • Instruction ID: 1e1c2cc66e485526396cf24b647e882203cd7be5c12bebfcde30390e59d9922d
                                                                                                                                                                            • Opcode Fuzzy Hash: f80c7f2ab9bff1ff4de68eefdd3ce6ccb4e6c49bd8b75b0cc8deaa1bb1876f2f
                                                                                                                                                                            • Instruction Fuzzy Hash: 9FF29E709002589BEF24EB24CD99BEDB7B6AF45304F1082E8E44DA7292DB759EC4CF54
                                                                                                                                                                            Function 006A5318 Relevance: 72.7, APIs: 12, Strings: 29, Instructions: 928COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1169 6a5318-6a532c call 6f88fa 1172 6a571d-6a5b7a call 6a6440 GetModuleHandleW call 6a6440 call 6a65c0 call 6a6440 * 2 call 699180 1169->1172 1173 6a5332-6a53a2 call 6f8713 call 6a4a40 1169->1173 1231 6a5b7f-6a5b81 1172->1231 1232 6a5b7a call 699180 1172->1232 1180 6a53a7-6a571a call 6a4a40 * 2 call 6a61f0 call 6f85d4 call 6a4a40 * 3 call 6a61f0 call 6f85d4 call 6a4a40 * 3 call 6a61f0 call 6f85d4 call 6a4a40 * 3 call 6a61f0 call 6f85d4 call 6f8713 call 6f85bf call 6f88b0 1173->1180 1180->1172 1234 6a5b83-6a5b8d 1231->1234 1235 6a5bc4-6a5be0 call 6811f3 1231->1235 1232->1231 1237 6a5c8d-6a5ccd call 6a6440 1234->1237 1238 6a5b93-6a5ba5 1234->1238 1249 6a5cfc-6a5d06 1235->1249 1250 6a5be6-6a5c59 call 689bb0 call 689940 call 681b84 call 681be0 call 68b8a0 call 6e2bfd 1235->1250 1251 6a5db3-6a5dc0 1237->1251 1252 6a5cd3-6a5cd8 1237->1252 1241 6a5bab-6a5bbf 1238->1241 1242 6a5c83-6a5c8a call 6f8375 1238->1242 1241->1242 1242->1237 1254 6a5d3a-6a5d67 call 6a6440 1249->1254 1255 6a5d08-6a5d1a 1249->1255 1250->1237 1347 6a5c5b-6a5c6d 1250->1347 1260 6a5dc9-6a5dce 1251->1260 1261 6a5dc2-6a5dc7 1251->1261 1258 6a5cda 1252->1258 1259 6a5cdc-6a5cf7 call 6fa3a0 1252->1259 1279 6a5d78-6a5d82 1254->1279 1280 6a5d69-6a5d73 call 69aad0 1254->1280 1263 6a5d1c-6a5d2a 1255->1263 1264 6a5d30-6a5d37 call 6f8375 1255->1264 1258->1259 1284 6a5e8e-6a5e98 1259->1284 1268 6a5dd1-6a5de5 1260->1268 1261->1268 1263->1264 1264->1254 1275 6a5e30-6a5e32 1268->1275 1276 6a5de7-6a5dec 1268->1276 1288 6a5e64-6a5e86 1275->1288 1289 6a5e34-6a5e62 call 6f8713 1275->1289 1285 6a5df2-6a5dfd call 6f8713 1276->1285 1286 6a6085 Concurrency::cancel_current_task 1276->1286 1279->1237 1283 6a5d88-6a5d94 1279->1283 1280->1279 1283->1242 1292 6a5d9a-6a5dae 1283->1292 1294 6a5e9a-6a5ea6 1284->1294 1295 6a5ec6-6a5ee7 call 699980 1284->1295 1296 6a608a call 6fd60f 1285->1296 1312 6a5e03-6a5e2e 1285->1312 1286->1296 1293 6a5e8c 1288->1293 1289->1293 1292->1242 1293->1284 1302 6a5ea8-6a5eb6 1294->1302 1303 6a5ebc-6a5ec3 call 6f8375 1294->1303 1311 6a5eec-6a5eee 1295->1311 1310 6a608f-6a60aa call 6fd60f 1296->1310 1302->1296 1302->1303 1303->1295 1329 6a60d8-6a60fc call 6a67b0 1310->1329 1330 6a60ac-6a60b6 1310->1330 1317 6a5f7f 1311->1317 1318 6a5ef4-6a5f34 call 6a6440 1311->1318 1312->1293 1321 6a5f82-6a5f93 GetModuleHandleW 1317->1321 1332 6a5f36-6a5f40 call 69aad0 1318->1332 1333 6a5f45-6a5f4f 1318->1333 1327 6a5fd1 1321->1327 1328 6a5f95-6a5fa5 GetProcAddress 1321->1328 1335 6a5fd3-6a605c call 6a6440 call 6836db call 68372a * 3 call 6f8367 1327->1335 1328->1327 1338 6a5fa7-6a5fc5 GetCurrentProcess 1328->1338 1355 6a60fe-6a6106 1329->1355 1356 6a6144-6a6149 1329->1356 1339 6a60b8-6a60c6 1330->1339 1340 6a60ce-6a60d5 call 6f8375 1330->1340 1332->1333 1333->1321 1344 6a5f51-6a5f5d 1333->1344 1338->1327 1377 6a5fc7-6a5fcb 1338->1377 1348 6a60cc 1339->1348 1349 6a61d4-6a61d9 call 6fd60f 1339->1349 1340->1329 1352 6a5f5f-6a5f6d 1344->1352 1353 6a5f73-6a5f7d call 6f8375 1344->1353 1347->1242 1358 6a5c6f-6a5c7d 1347->1358 1348->1340 1352->1310 1352->1353 1353->1321 1365 6a6108-6a610c 1355->1365 1366 6a613d 1355->1366 1360 6a614b-6a6151 1356->1360 1361 6a618f-6a6197 1356->1361 1358->1242 1368 6a6188 1360->1368 1369 6a6153-6a6157 1360->1369 1374 6a6199-6a61a2 1361->1374 1375 6a61c0-6a61d3 1361->1375 1372 6a611b-6a6120 1365->1372 1373 6a610e-6a6115 SysFreeString 1365->1373 1366->1356 1368->1361 1378 6a6159-6a6160 SysFreeString 1369->1378 1379 6a6166-6a616b 1369->1379 1381 6a6132-6a613a call 6f8375 1372->1381 1382 6a6122-6a612b call 6f874c 1372->1382 1373->1372 1383 6a61b6-6a61bd call 6f8375 1374->1383 1384 6a61a4-6a61b2 1374->1384 1377->1327 1386 6a5fcd-6a5fcf 1377->1386 1378->1379 1388 6a617d-6a6185 call 6f8375 1379->1388 1389 6a616d-6a6176 call 6f874c 1379->1389 1381->1366 1382->1381 1383->1375 1384->1349 1385 6a61b4 1384->1385 1385->1383 1386->1335 1388->1368 1389->1388
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006F88FA: EnterCriticalSection.KERNEL32(0077742C,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F8905
                                                                                                                                                                              • Part of subcall function 006F88FA: LeaveCriticalSection.KERNEL32(0077742C,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F8942
                                                                                                                                                                              • Part of subcall function 006A4A40: _com_issue_error.COMSUPP ref: 006A4AD2
                                                                                                                                                                              • Part of subcall function 006A4A40: SysFreeString.OLEAUT32(-00000001), ref: 006A4AFD
                                                                                                                                                                              • Part of subcall function 006A61F0: Concurrency::cancel_current_task.LIBCPMT ref: 006A62BF
                                                                                                                                                                              • Part of subcall function 006F88B0: EnterCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88BA
                                                                                                                                                                              • Part of subcall function 006F88B0: LeaveCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88ED
                                                                                                                                                                              • Part of subcall function 006F88B0: RtlWakeAllConditionVariable.NTDLL ref: 006F8964
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,3536BAD2,?,?), ref: 006A57B4
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006A57C5
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 006A57D1
                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 006A57DC
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A6067
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A6085
                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 006A610F
                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 006A615A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                            • String ID: (error)$)$0.0.0.0$0u$4.1.1.865$4u$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                            • API String ID: 2830066208-533342396
                                                                                                                                                                            • Opcode ID: 1aaf5282d1910c0ee4b15c9a36d5f61b76fe72829fe35ca8f6184bb0ed4dc9c0
                                                                                                                                                                            • Instruction ID: eb62788e0f76b712212f1ebda78a9ac1164290a75d3c17900efa9656bc81a99d
                                                                                                                                                                            • Opcode Fuzzy Hash: 1aaf5282d1910c0ee4b15c9a36d5f61b76fe72829fe35ca8f6184bb0ed4dc9c0
                                                                                                                                                                            • Instruction Fuzzy Hash: 9C82E8709003489FEB54EF64DC497ADBBB2AF46304F14815CE415AB3D2DBB89A84CF69
                                                                                                                                                                            Function 00695870 Relevance: 60.3, APIs: 22, Strings: 12, Instructions: 780encryptionfilethreadCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1938 695870-6958d0 GetCurrentProcessId GetCurrentThreadId call 70594f 1941 696170-696185 call 68c900 1938->1941 1942 6958d6-695943 CreateFileW 1938->1942 1950 6961a5-6961ab 1941->1950 1951 696187-696189 1941->1951 1944 69596f-695973 1942->1944 1945 695945-695965 CreateFileW 1942->1945 1948 69597a-69599c CreateFileW 1944->1948 1949 695975 1944->1949 1945->1944 1947 695967-69596d 1945->1947 1947->1949 1952 69599e-6959c0 CreateFileW 1948->1952 1953 695a05-695a49 call 6fa920 UuidCreate 1948->1953 1949->1948 1957 6961ad-6961ba 1950->1957 1958 6961be-6961c4 1950->1958 1951->1950 1954 69618b-69618e 1951->1954 1952->1953 1955 6959c2-6959e4 CreateFileW 1952->1955 1968 69620b-69621b call 68c900 1953->1968 1969 695a4f-695a5f UuidCreate 1953->1969 1954->1950 1961 696190-696194 1954->1961 1955->1953 1962 6959e6-695a03 CreateFileW 1955->1962 1957->1958 1959 6961d7-6961dd 1958->1959 1960 6961c6-6961d3 1958->1960 1965 6961df-6961ec 1959->1965 1966 6961f0-696206 call 6f8367 1959->1966 1960->1959 1961->1950 1967 696196-69619a 1961->1967 1962->1953 1965->1966 1967->1950 1973 69619c-6961a3 call 6969a0 1967->1973 1968->1954 1969->1968 1970 695a65-695a87 call 695790 1969->1970 1982 695a89 1970->1982 1983 695aea-695af2 1970->1983 1973->1950 1985 695a90-695a96 1982->1985 1983->1968 1984 695af8-695b30 1983->1984 2002 696207 1984->2002 2003 695b36-695b3e 1984->2003 1986 695a98-695a9d 1985->1986 1987 695a9f-695aa5 1985->1987 1989 695ad9-695ae1 call 695790 1986->1989 1990 695aae-695ab4 1987->1990 1991 695aa7-695aac 1987->1991 1995 695ae6-695ae8 1989->1995 1992 695abd-695ac3 1990->1992 1993 695ab6-695abb 1990->1993 1991->1989 1997 695acc-695ad2 1992->1997 1998 695ac5-695aca 1992->1998 1993->1989 1995->1983 1995->1985 1997->1983 1999 695ad4 1997->1999 1998->1989 1999->1989 2002->1968 2003->2002 2004 695b44-695b5c 2003->2004 2004->2002 2007 695b62-695b66 2004->2007 2007->2002 2008 695b6c-695c01 call 694cc0 2007->2008 2008->2002 2021 695c07-695c4a 2008->2021 2026 69616c 2021->2026 2027 695c50-695c54 2021->2027 2026->1941 2027->2026 2028 695c5a-695c74 2027->2028 2028->2026 2031 695c7a-695c7e 2028->2031 2031->2026 2032 695c84-695cd4 call 694cc0 2031->2032 2039 695cd7-695ce0 2032->2039 2039->2039 2040 695ce2-695d16 CryptAcquireContextW 2039->2040 2041 695d18-695d32 CryptCreateHash 2040->2041 2042 695d65-695d6b 2040->2042 2041->2042 2043 695d34-695d4b CryptHashData 2041->2043 2044 695d6d-695d6e CryptDestroyHash 2042->2044 2045 695d74-695d7a 2042->2045 2043->2042 2046 695d4d-695d5f CryptGetHashParam 2043->2046 2044->2045 2047 695d7c-695d7f CryptReleaseContext 2045->2047 2048 695d85-695ef5 2045->2048 2046->2042 2047->2048 2048->2026 2077 695efb-695f4e call 694cc0 2048->2077 2084 695f50-695f59 2077->2084 2084->2084 2085 695f5b-695f8f CryptAcquireContextW 2084->2085 2086 695fde-695fe4 2085->2086 2087 695f91-695fab CryptCreateHash 2085->2087 2089 695fed-695ff3 2086->2089 2090 695fe6-695fe7 CryptDestroyHash 2086->2090 2087->2086 2088 695fad-695fc4 CryptHashData 2087->2088 2088->2086 2091 695fc6-695fd8 CryptGetHashParam 2088->2091 2092 695ffe-696166 2089->2092 2093 695ff5-695ff8 CryptReleaseContext 2089->2093 2090->2089 2091->2086 2092->2026 2093->2092
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 006958AA
                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 006958B4
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0069593A
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0069595C
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00695991
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 006959B5
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006959D9
                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006959FD
                                                                                                                                                                            • UuidCreate.RPCRT4(00000000), ref: 00695A41
                                                                                                                                                                            • UuidCreate.RPCRT4(00000000), ref: 00695A57
                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?), ref: 00695D0E
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00695D2A
                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00695D43
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00695D5F
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?), ref: 00695D6E
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00695D7F
                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?), ref: 00695F87
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00695FA3
                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00695FBC
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00695FD8
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?), ref: 00695FE7
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00695FF8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                            • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                            • API String ID: 4128897270-3926088020
                                                                                                                                                                            • Opcode ID: 9f8e283e76c6fd2298d7c5b0258bc4ca4141f37a3d9478c09e5de9456461cc2d
                                                                                                                                                                            • Instruction ID: 1d522eb4d0ee83b769afb936a386f524f24655a7e4dbe8d8bf4983a8f2be496e
                                                                                                                                                                            • Opcode Fuzzy Hash: 9f8e283e76c6fd2298d7c5b0258bc4ca4141f37a3d9478c09e5de9456461cc2d
                                                                                                                                                                            • Instruction Fuzzy Hash: FC5278756003009FEB158F24C894B6EB7EABB88711F154959FA46A73D0CBB9ED018F86
                                                                                                                                                                            Function 006D1840 Relevance: 60.3, APIs: 5, Strings: 29, Instructions: 754registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 006D1932
                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 006D1DAD
                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 006D1DD3
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 006D20C4
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                            • String ID: to $$+t$(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range$*t
                                                                                                                                                                            • API String ID: 3662814871-371244723
                                                                                                                                                                            • Opcode ID: a1ed5a96b48e74acdbe84b50ccb13a8d170277ce2a67aa42ce758c2df3c6448e
                                                                                                                                                                            • Instruction ID: 6099414042a2609afaa0a9124c67829df8f75c0a0f8e06917111fa311d661d1f
                                                                                                                                                                            • Opcode Fuzzy Hash: a1ed5a96b48e74acdbe84b50ccb13a8d170277ce2a67aa42ce758c2df3c6448e
                                                                                                                                                                            • Instruction Fuzzy Hash: 2252D1B0E40309AFDB20DF54CC55BEEB7B6BF05700F1441AAE8056B381E7B59A45CBA5
                                                                                                                                                                            Function 006E17A0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 353encryptionCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 3020 6e17a0-6e17e9 3021 6e184f 3020->3021 3022 6e17eb-6e181d CryptQueryObject 3020->3022 3025 6e1851-6e186c call 6f8367 3021->3025 3023 6e181f-6e1824 3022->3023 3024 6e186d-6e18ae call 6e14f0 3022->3024 3026 6e182d-6e1832 3023->3026 3027 6e1826-6e1827 CryptMsgClose 3023->3027 3035 6e18e4-6e18ea 3024->3035 3036 6e18b0-6e18bd call 6ce680 3024->3036 3030 6e1834-6e183f CertCloseStore 3026->3030 3031 6e1842-6e1848 3026->3031 3027->3026 3030->3031 3031->3021 3034 6e184a-6e184b 3031->3034 3034->3021 3038 6e18f0-6e18f6 3035->3038 3042 6e18bf-6e18c0 CryptMsgClose 3036->3042 3043 6e18c6-6e18cb 3036->3043 3040 6e18fc-6e1944 3038->3040 3041 6e1b40-6e1b4d call 6ce680 3038->3041 3045 6e198e-6e19d5 CryptQueryObject 3040->3045 3046 6e1946-6e1951 3040->3046 3058 6e1b4f-6e1b50 CryptMsgClose 3041->3058 3059 6e1b52-6e1b57 3041->3059 3042->3043 3049 6e18cd-6e18d8 CertCloseStore 3043->3049 3050 6e18db-6e18df 3043->3050 3047 6e1a39-6e1a5c call 6e14f0 3045->3047 3048 6e19d7-6e19dc 3045->3048 3052 6e1969-6e198b call 6f8375 3046->3052 3053 6e1953-6e1961 3046->3053 3073 6e1a5e-6e1a60 3047->3073 3074 6e1ac8-6e1aca 3047->3074 3054 6e19de-6e19df CryptMsgClose 3048->3054 3055 6e19e1-6e19ec 3048->3055 3049->3050 3057 6e1ab8-6e1aba 3050->3057 3052->3045 3060 6e1b7c-6e1b81 call 6fd60f 3053->3060 3061 6e1967 3053->3061 3054->3055 3063 6e19ee-6e19f5 CertCloseStore 3055->3063 3064 6e19f8-6e19fe 3055->3064 3066 6e1abc-6e1abd 3057->3066 3067 6e1ac1-6e1ac3 3057->3067 3058->3059 3068 6e1b59-6e1b64 CertCloseStore 3059->3068 3069 6e1b67 3059->3069 3061->3052 3063->3064 3075 6e1a05-6e1a1a call 6ce630 call 6ce680 3064->3075 3076 6e1a00-6e1a01 3064->3076 3066->3067 3067->3025 3068->3069 3069->3060 3077 6e1a65-6e1a70 3073->3077 3078 6e1a62-6e1a63 CryptMsgClose 3073->3078 3080 6e1acf-6e1ad4 3074->3080 3081 6e1acc-6e1acd CryptMsgClose 3074->3081 3097 6e1a1f-6e1a24 3075->3097 3098 6e1a1c-6e1a1d CryptMsgClose 3075->3098 3076->3075 3082 6e1a7c-6e1a82 3077->3082 3083 6e1a72-6e1a79 CertCloseStore 3077->3083 3078->3077 3085 6e1ad6-6e1ae1 CertCloseStore 3080->3085 3086 6e1ae4-6e1aea 3080->3086 3081->3080 3087 6e1a89-6e1a9e call 6ce630 call 6ce680 3082->3087 3088 6e1a84-6e1a85 3082->3088 3083->3082 3085->3086 3090 6e1aec-6e1aed 3086->3090 3091 6e1af1-6e1af7 3086->3091 3107 6e1aa3-6e1aa8 3087->3107 3108 6e1aa0-6e1aa1 CryptMsgClose 3087->3108 3088->3087 3090->3091 3091->3038 3092 6e1afd-6e1b08 3091->3092 3095 6e1b1c-6e1b3b call 6f8375 3092->3095 3096 6e1b0a-6e1b18 3092->3096 3095->3038 3096->3060 3100 6e1b1a 3096->3100 3102 6e1a26-6e1a2d CertCloseStore 3097->3102 3103 6e1a30 3097->3103 3098->3097 3100->3095 3102->3103 3103->3047 3109 6e1aaa-6e1ab1 CertCloseStore 3107->3109 3110 6e1ab4 3107->3110 3108->3107 3109->3110 3110->3057
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001, %n,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006E1815
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1827
                                                                                                                                                                              • Part of subcall function 006E14F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 006E1581
                                                                                                                                                                              • Part of subcall function 006E14F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006E15B2
                                                                                                                                                                              • Part of subcall function 006E14F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006E15DD
                                                                                                                                                                              • Part of subcall function 006E14F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 006E1625
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1837
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E18C0
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E18D0
                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006E19CD
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E19DF
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E19F1
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1A1D
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1A29
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1A63
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1A75
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1AA1
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1AAD
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1ACD
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1AD9
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006E1B50
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006E1B5C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                            • String ID: %n
                                                                                                                                                                            • API String ID: 2648890560-2247426890
                                                                                                                                                                            • Opcode ID: 6820c345f66fbd6ce95826abd73f2f63d906948da111cfe3e2f3291d13e3cfd7
                                                                                                                                                                            • Instruction ID: 1777e098ed00700d72ac89c366430091acf84aa5d48656282eccd4f9c8b9f3bf
                                                                                                                                                                            • Opcode Fuzzy Hash: 6820c345f66fbd6ce95826abd73f2f63d906948da111cfe3e2f3291d13e3cfd7
                                                                                                                                                                            • Instruction Fuzzy Hash: D8C12C71E11349AAEF10CFAACC85BEEBBF9AF05704F144129E504FB280D7749944DB64
                                                                                                                                                                            Function 006CFFE0 Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 368COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 3111 6cffe0-6d002d 3112 6d002f-6d004c call 6b8650 3111->3112 3113 6d0051-6d0055 3111->3113 3122 6d0557-6d0571 call 6f8367 3112->3122 3115 6d00ae-6d010d 3113->3115 3116 6d0057-6d005d 3113->3116 3120 6d010f-6d011b 3115->3120 3121 6d0122-6d0135 3115->3121 3118 6d005f 3116->3118 3119 6d0061-6d006a 3116->3119 3118->3119 3123 6d006c-6d0073 call 6e21d0 3119->3123 3124 6d0077-6d007c call 6ceb20 3119->3124 3120->3121 3125 6d013b-6d0145 3121->3125 3126 6d0574-6d0579 call 6834d0 3121->3126 3137 6d0075 3123->3137 3138 6d007f-6d0081 3124->3138 3129 6d014f-6d0187 3125->3129 3130 6d0147-6d0149 3125->3130 3135 6d0189-6d0194 3129->3135 3136 6d01d3-6d0283 call 6fa3a0 call 68e9c0 3129->3136 3130->3129 3140 6d019d-6d01a4 3135->3140 3141 6d0196-6d019b 3135->3141 3153 6d0285 3136->3153 3154 6d0287-6d0318 call 68e9c0 call 6838d0 * 2 call 6fa920 3136->3154 3137->3138 3138->3115 3143 6d0083-6d0087 3138->3143 3142 6d01a7-6d01cd call 6833c3 3140->3142 3141->3142 3142->3136 3146 6d0089 3143->3146 3147 6d008b-6d00a9 call 6b8650 3143->3147 3146->3147 3147->3122 3153->3154 3163 6d0320-6d0328 3154->3163 3164 6d033e-6d0355 3163->3164 3165 6d032a-6d0331 3163->3165 3167 6d0359-6d0383 CreateProcessW 3164->3167 3168 6d0357 3164->3168 3165->3164 3166 6d0333-6d033c 3165->3166 3166->3163 3166->3164 3169 6d03ba-6d03ca WaitForSingleObject 3167->3169 3170 6d0385-6d03b5 GetLastError call 6b8650 3167->3170 3168->3167 3172 6d03cc-6d03d0 3169->3172 3173 6d03de-6d03fd GetExitCodeProcess 3169->3173 3182 6d0526-6d053f call 6838d0 3170->3182 3177 6d03d4-6d03dc 3172->3177 3178 6d03d2 3172->3178 3174 6d03ff-6d040b GetLastError 3173->3174 3175 6d0430-6d0434 3173->3175 3179 6d0410-6d042b call 6b8650 3174->3179 3180 6d046e-6d0477 3175->3180 3181 6d0436-6d043a 3175->3181 3177->3179 3178->3177 3179->3182 3187 6d0480-6d049e 3180->3187 3184 6d043c 3181->3184 3185 6d043e-6d0447 DeleteFileW 3181->3185 3193 6d0544-6d054c 3182->3193 3194 6d0541-6d0542 CloseHandle 3182->3194 3184->3185 3185->3180 3189 6d0449-6d046b GetLastError call 6b8650 3185->3189 3187->3187 3191 6d04a0-6d04c4 3187->3191 3189->3180 3195 6d04d7-6d051f call 6814a1 call 6ba350 call 6838d0 * 2 3191->3195 3196 6d04c6-6d04d2 call 68347e 3191->3196 3200 6d054e-6d054f CloseHandle 3193->3200 3201 6d0551 3193->3201 3194->3193 3195->3182 3196->3195 3200->3201 3201->3122
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: D$Failed to delete executable (%d)$Failed to get process exit code (%d)$NWebAdvisor::NXmlUpdater::CExecuteLocalCommand::ExecuteLocalCommand$Signature check failed for command %s$Unable to run %s, error (%d)$Wait for process failed for command %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExecuteLocalCommand.cpp$invalid substitutor
                                                                                                                                                                            • API String ID: 0-284121414
                                                                                                                                                                            • Opcode ID: eee21a9ec049174b088261cc1f7b0b0208926dc3d8e59759f6191314347f57cc
                                                                                                                                                                            • Instruction ID: 76bf21ec1ebb0ad9f5825e1ccd7d02c939ed82bf78a64294eda8aac63ab97ea9
                                                                                                                                                                            • Opcode Fuzzy Hash: eee21a9ec049174b088261cc1f7b0b0208926dc3d8e59759f6191314347f57cc
                                                                                                                                                                            • Instruction Fuzzy Hash: A7E1CD70E012599BEB24DF28CC49BEEB7B6AF45304F0042DEE509A7391EB749A84CF51
                                                                                                                                                                            Function 00695204 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 345registryCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 3384 695204-69523e RegOpenKeyExW 3385 6952e2-695311 call 6fe960 GetLastError 3384->3385 3386 695244-695273 RegQueryValueExW 3384->3386 3390 69538b-6953dc 3385->3390 3388 6952ca-6952dc RegCloseKey 3386->3388 3389 695275-69527d 3386->3389 3388->3385 3388->3390 3389->3388 3392 69527f-695292 call 694c10 3389->3392 3393 6953fd-695401 3390->3393 3394 6953de-6953eb OutputDebugStringW call 694f50 3390->3394 3404 6952b4-6952c8 SetLastError RegCloseKey 3392->3404 3405 695294-69529c 3392->3405 3397 69547e-695481 3393->3397 3398 695403-695449 call 6fa920 * 2 call 696ae0 3393->3398 3402 6953f0-6953f8 3394->3402 3400 69548f-695496 3397->3400 3401 695483-695489 3397->3401 3398->3397 3439 69544b-695471 3398->3439 3406 6955d1-6955d7 3400->3406 3407 69549c-6954b8 OutputDebugStringW call 694e60 3400->3407 3401->3400 3401->3406 3402->3397 3404->3385 3405->3388 3409 69529e-6952b2 call 694c10 3405->3409 3410 6955d9 3406->3410 3411 6955f3 3406->3411 3424 6955cb 3407->3424 3425 6954be-6954d8 call 694e60 3407->3425 3409->3388 3409->3404 3415 6955df-6955e5 3410->3415 3416 695703-69570a 3410->3416 3418 6955f5 3411->3418 3415->3416 3423 6955eb-6955f1 3415->3423 3421 695739 3416->3421 3422 69570c-69571b LoadLibraryExW 3416->3422 3418->3416 3426 6955fb-695606 3418->3426 3429 69573e-695743 3421->3429 3428 69571d-695737 GetLastError call 6fe960 3422->3428 3422->3429 3423->3418 3424->3406 3441 6954da-6954e0 3425->3441 3442 6954f2-695516 call 70594f 3425->3442 3431 695608-69560a 3426->3431 3432 695610-69561c call 694dc0 3426->3432 3428->3429 3436 69574e-695753 3429->3436 3437 695745-69574b call 6f874c 3429->3437 3431->3432 3451 6956ea-6956ef 3432->3451 3452 695622-69562a 3432->3452 3445 69575e-695784 call 6f8367 3436->3445 3446 695755-69575b call 6f874c 3436->3446 3437->3436 3439->3397 3448 695518-69551f 3441->3448 3449 6954e2-6954eb call 6fe960 3441->3449 3442->3448 3446->3445 3448->3426 3458 695525-69554b call 694e60 call 694cc0 3448->3458 3449->3442 3451->3429 3455 6956f1-695701 call 6fe960 3451->3455 3452->3451 3461 695630 3452->3461 3455->3429 3476 69554d-69557f call 6fa920 * 2 call 696ae0 3458->3476 3477 6955c4-6955c9 3458->3477 3462 695635-695639 3461->3462 3467 69563b-695641 3462->3467 3468 695643-69565a 3462->3468 3467->3462 3467->3468 3468->3451 3471 695660-6956a2 call 694dc0 call 70594f 3468->3471 3471->3451 3482 6956a4-6956e2 call 694dc0 call 694cc0 OutputDebugStringW call 6fe960 3471->3482 3489 695584-69558d 3476->3489 3477->3426 3494 6956e7 3482->3494 3489->3406 3491 69558f-6955c2 3489->3491 3491->3406 3494->3451
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00695225
                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00695265
                                                                                                                                                                            • SetLastError.KERNEL32(0000006F,?,?,0075A17C), ref: 006952B6
                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 006952C2
                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 006952D0
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006952F6
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 006953E3
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 006954A1
                                                                                                                                                                            Strings
                                                                                                                                                                            • %ls\%ls, xrefs: 00695533
                                                                                                                                                                            • Software\McAfee\SystemCore, xrefs: 0069521B
                                                                                                                                                                            • szInstallDir32, xrefs: 0069525F
                                                                                                                                                                            • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 0069549C
                                                                                                                                                                            • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 006953DE
                                                                                                                                                                            • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 006956B7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseDebugErrorLastOutputString$OpenQueryValue
                                                                                                                                                                            • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                            • API String ID: 901107078-3767168787
                                                                                                                                                                            • Opcode ID: 65a01f221495545e27823f23cd49dea0388891437a3d3a0654ac9b619853f67f
                                                                                                                                                                            • Instruction ID: 4dfd71136d1ae3c7ede8196ab7cd7096637920184e89a80f1745ceb8bda9ad3d
                                                                                                                                                                            • Opcode Fuzzy Hash: 65a01f221495545e27823f23cd49dea0388891437a3d3a0654ac9b619853f67f
                                                                                                                                                                            • Instruction Fuzzy Hash: 7AD1C3B0E006199FEF25DF64CC45BEEB7BAAF04304F0440A9E90AA6681DB749E44CF91
                                                                                                                                                                            Function 006970D9 Relevance: 27.2, APIs: 4, Strings: 11, Instructions: 977COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006A4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A521E
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697D3D
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00697DFC
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00697DC8
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697EBB
                                                                                                                                                                            Strings
                                                                                                                                                                            • Failed to add reserved 3 dimension (, xrefs: 006979CD
                                                                                                                                                                            • z, xrefs: 00697CF1
                                                                                                                                                                            • Failed to add event action (, xrefs: 00697379
                                                                                                                                                                            • Service has not been initialized, xrefs: 00697E88
                                                                                                                                                                            • Failed to add reserved 2 dimension (, xrefs: 00697834
                                                                                                                                                                            • Failed to add reserved 5 dimension (, xrefs: 00697CFD
                                                                                                                                                                            • u, xrefs: 00697B57
                                                                                                                                                                            • Failed to add event label (, xrefs: 00697508
                                                                                                                                                                            • Failed to add reserved 4 dimension (, xrefs: 00697B63
                                                                                                                                                                            • Failed to add event category (, xrefs: 006971F0
                                                                                                                                                                            • Failed to add reserved 1 dimension (, xrefs: 0069769E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                            • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                            • API String ID: 342047005-3525645681
                                                                                                                                                                            • Opcode ID: dc4d0fc8978352b9806e0a2f5fa11204b635c3705c68de16638a835289dd7a71
                                                                                                                                                                            • Instruction ID: dfa4e3b81c5f8955ec8a1cce5dbdc65ef4a1b0076a864b2b54f4d5bac0f1659e
                                                                                                                                                                            • Opcode Fuzzy Hash: dc4d0fc8978352b9806e0a2f5fa11204b635c3705c68de16638a835289dd7a71
                                                                                                                                                                            • Instruction Fuzzy Hash: 8482E670514244CFDF18EF24C895BEE7BAAAF45304F10429CE8168B782DB75DA09CBA6
                                                                                                                                                                            Function 00698FB0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 245COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CoCreateGuid.OLE32(?), ref: 00698FC8
                                                                                                                                                                            • StringFromCLSID.OLE32(?,?), ref: 00698FE0
                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00699138
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00699173
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006993D1
                                                                                                                                                                            Strings
                                                                                                                                                                            • Could not create registry key , xrefs: 0069923F
                                                                                                                                                                            • SOFTWARE\McAfee\WebAdvisor, xrefs: 006991FB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                            • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                            • API String ID: 3741506170-3627174789
                                                                                                                                                                            • Opcode ID: d6cb68b0c854fda8d8935bc81ad5791f0e6b933b6bcb79907560eed62d0fdc34
                                                                                                                                                                            • Instruction ID: dc0c17f066db189b46553fe471607465978353cae084488b57c216cabfc7842f
                                                                                                                                                                            • Opcode Fuzzy Hash: d6cb68b0c854fda8d8935bc81ad5791f0e6b933b6bcb79907560eed62d0fdc34
                                                                                                                                                                            • Instruction Fuzzy Hash: B58107716003099FDB14EF68DC45BAE77AAFF44310F10462DF92697681EB74AA04CBA6
                                                                                                                                                                            Function 006E14F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 215encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 006E1581
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006E15B2
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006E15DD
                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 006E1625
                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 006E175E
                                                                                                                                                                              • Part of subcall function 006FE960: _free.LIBCMT ref: 006FE973
                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 006E1738
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CertCryptParam$ContextFree$CertificateFromStoreSubject_free
                                                                                                                                                                            • String ID: %n
                                                                                                                                                                            • API String ID: 4059466977-2247426890
                                                                                                                                                                            • Opcode ID: 76ed8ac5b9646184908eb76918c34e66c22b752f4c01168718c76889e1f130fd
                                                                                                                                                                            • Instruction ID: 18a702620cdfc68602b15bc9bfe80bd0dbb140d92d8a84bed046bab2b1e892e2
                                                                                                                                                                            • Opcode Fuzzy Hash: 76ed8ac5b9646184908eb76918c34e66c22b752f4c01168718c76889e1f130fd
                                                                                                                                                                            • Instruction Fuzzy Hash: 50818B71801289DFDF20CF65D841BEEBBBABF0A744F144119E924AB352D771AA04DBA1
                                                                                                                                                                            Function 00684C8E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73processCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00684CA6
                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00684CB8
                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00684CD3
                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00684CE9
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00684CFA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                                                                                                                            • String ID: saBSI.exe
                                                                                                                                                                            • API String ID: 592884611-3955546181
                                                                                                                                                                            • Opcode ID: a885a9a21b599ebd63c9cca603bd6fb526009c2664cb673dd7c08d86922cdf0e
                                                                                                                                                                            • Instruction ID: f8949a9b93242e558bc4b95a6c25def137301eb729ca241193eaab05e376c8f0
                                                                                                                                                                            • Opcode Fuzzy Hash: a885a9a21b599ebd63c9cca603bd6fb526009c2664cb673dd7c08d86922cdf0e
                                                                                                                                                                            • Instruction Fuzzy Hash: 31213A721053009FD220BF64EC89AAF77DAEF85325F150328FD25C72E1EB74994587A6
                                                                                                                                                                            Function 006B73B0 Relevance: 10.4, Strings: 8, Instructions: 433COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                            • String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp$d6t
                                                                                                                                                                            • API String ID: 54951025-2282566939
                                                                                                                                                                            • Opcode ID: 18e6b87f47c1a8557444b496958c5d3f18943431d052044d8ff439c8bb245776
                                                                                                                                                                            • Instruction ID: bf871de8335cd672809e68625b47929d09a49e08c3ce1eb2c068db935bc315b4
                                                                                                                                                                            • Opcode Fuzzy Hash: 18e6b87f47c1a8557444b496958c5d3f18943431d052044d8ff439c8bb245776
                                                                                                                                                                            • Instruction Fuzzy Hash: DBF1C1B1A04209DFDB10DF68C845BDAB7B6BF55304F1482ADE809AB391EB759E84CF50
                                                                                                                                                                            Function 00694F50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000,3536BAD2), ref: 00694FB5
                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00694FDF
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00694FF2
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0069500B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                            • String ID: %ls\%ls
                                                                                                                                                                            • API String ID: 152501406-2125769799
                                                                                                                                                                            • Opcode ID: 9b81854274564d5d97d322ffc4de979075eac6fa2af9ea0c1109d015dfb6bc65
                                                                                                                                                                            • Instruction ID: 3efc78f2e3ccd25c4160dfb1933c1de5a3f71d3a3ac273008d21c2cf78132350
                                                                                                                                                                            • Opcode Fuzzy Hash: 9b81854274564d5d97d322ffc4de979075eac6fa2af9ea0c1109d015dfb6bc65
                                                                                                                                                                            • Instruction Fuzzy Hash: 0141D4B1E006099BDF15DFB5CC45BAFB6BABB44700F24813EE506DB281EA35C9008B94
                                                                                                                                                                            Function 006CD540 Relevance: 7.2, Strings: 5, Instructions: 925COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            • invalid substitutor, xrefs: 006CDB5E
                                                                                                                                                                            • NEQ, xrefs: 006CD892
                                                                                                                                                                            • Unable to substitute the arguments, xrefs: 006CE16E
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 006CDB6A, 006CE17A
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 006CDB65, 006CE175
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
                                                                                                                                                                            • API String ID: 0-4090108046
                                                                                                                                                                            • Opcode ID: e8c60535bebe6d555246323ad49ec7f1df1898bf488b805faaab99a7bdbe5f21
                                                                                                                                                                            • Instruction ID: 9de8ea8ca73db9ad1a180e74e291abaaa3389aca89dbd643b8f64cc0133169c3
                                                                                                                                                                            • Opcode Fuzzy Hash: e8c60535bebe6d555246323ad49ec7f1df1898bf488b805faaab99a7bdbe5f21
                                                                                                                                                                            • Instruction Fuzzy Hash: BF82AE71D002588BDF14DFA8C845BEDBBB2FF45304F14829DE419AB391EB75AA85CB50
                                                                                                                                                                            Function 0070E8FE Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,0070E8FD,00000002,00000002,?,00000002), ref: 0070E920
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,0070E8FD,00000002,00000002,?,00000002), ref: 0070E927
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 0070E939
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: 6f3b5077dce1b4d843e73350cfd25937ba02c01ec92fcfe45ff612c063bcdf76
                                                                                                                                                                            • Instruction ID: ee3063e64a2d361c47bd32b984e30e217fa5735d2d5bc223a2a1d4eaeb6a890e
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f3b5077dce1b4d843e73350cfd25937ba02c01ec92fcfe45ff612c063bcdf76
                                                                                                                                                                            • Instruction Fuzzy Hash: F7E04631010108EFCF152F24DD0CA4C3BAAFB00342B148818F908861B1CB7DED81CBA6
                                                                                                                                                                            Function 00685C1E Relevance: 3.1, APIs: 2, Instructions: 76comCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CoCreateInstance.OLE32(0074D808,00000000,00000017,0075B024,00000000,3536BAD2,?,?,?,00000000,00000000,00000000,00728687,000000FF), ref: 00685C7A
                                                                                                                                                                            • OleRun.OLE32(00000000), ref: 00685C89
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 542301482-0
                                                                                                                                                                            • Opcode ID: 767af43574c978e7b149b883462419acb160a2eb6e3027353ecc2a441f56827d
                                                                                                                                                                            • Instruction ID: b0f4018629cd39df28a5013485e9fefd97770358c315075dc5c6e5cf1e9955e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 767af43574c978e7b149b883462419acb160a2eb6e3027353ecc2a441f56827d
                                                                                                                                                                            • Instruction Fuzzy Hash: FE218C76600618AFDB01DB58CC45F6EB7BAEB88B21F10412DE516A73A0DB79AD008B54
                                                                                                                                                                            Function 00684E1F Relevance: 65.5, APIs: 9, Strings: 28, Instructions: 767COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1406 684e1f-684e73 call 6ad6d0 1409 684e75-684ec1 call 689bb0 call 689940 call 681b84 call 681be0 call 68136c 1406->1409 1410 684ec6-684ede call 684d63 1406->1410 1409->1410 1415 684f39-684f46 CoInitializeEx 1410->1415 1416 684ee0-684f34 call 689bb0 call 689940 call 681b84 call 681be0 call 68136c 1410->1416 1420 684f48-684f4b 1415->1420 1421 684f4d-684f51 call 685a4f 1415->1421 1451 6858da-6858e1 1416->1451 1420->1421 1424 684f56-684f7c call 6f8760 1420->1424 1421->1424 1432 684f7e-684f84 1424->1432 1433 684f86 1424->1433 1436 684f88-684f99 call 685d57 1432->1436 1433->1436 1443 684f9b-684fec call 689bb0 call 689940 call 681b84 call 681be0 call 68136c 1436->1443 1444 684ff1-685008 call 6f8760 1436->1444 1477 6858ba-6858bf 1443->1477 1452 68500a-685010 1444->1452 1453 685012 1444->1453 1455 6858ef-685913 call 6f8367 1451->1455 1456 6858e3-6858e9 CloseHandle 1451->1456 1457 685014-68502c call 685db6 1452->1457 1453->1457 1456->1455 1465 68507b-6850cc call 6fa920 call 6f8760 1457->1465 1466 68502e-685076 call 689bb0 call 689940 call 681b84 call 681be0 call 68136c 1457->1466 1482 6850d8 1465->1482 1483 6850ce-6850d6 call 696bd0 1465->1483 1505 6858ab-6858b3 1466->1505 1480 6858c1 call 687d21 1477->1480 1481 6858c6-6858d2 call 6859c2 1477->1481 1480->1481 1481->1451 1496 6858d4 CoUninitialize 1481->1496 1489 6850da-6850f0 call 685e16 1482->1489 1483->1489 1497 6850f2-68513e call 689bb0 call 689940 call 681b84 call 681be0 call 68136c 1489->1497 1498 685143-685154 1489->1498 1496->1451 1533 685897-68589c 1497->1533 1502 68515a-685176 1498->1502 1503 685156 1498->1503 1506 685178 1502->1506 1507 68517c-685194 1502->1507 1503->1502 1505->1477 1510 6858b5 call 687d21 1505->1510 1506->1507 1508 68519a-6851a9 call 6b3670 1507->1508 1509 685196 1507->1509 1517 6851ab-6851f2 call 689bb0 call 689940 call 681b84 call 681be0 1508->1517 1518 6851f7-685233 CommandLineToArgvW 1508->1518 1509->1508 1510->1477 1550 685310-685318 call 68136c 1517->1550 1530 685284-6852b0 call 6fa920 GetModuleFileNameW 1518->1530 1531 685235-685282 call 689bb0 call 689940 call 681b84 call 681be0 GetLastError 1518->1531 1546 68531d-685367 call 68d730 call 6fa920 GetLongPathNameW 1530->1546 1547 6852b2-6852fc call 689bb0 call 689940 call 681b84 call 681be0 GetLastError 1530->1547 1570 6852ff-68530a call 686140 1531->1570 1537 68589e call 687d21 1533->1537 1538 6858a3-6858a6 call 685946 1533->1538 1537->1538 1538->1505 1563 685419-685520 call 68171d * 2 call 6b5b70 call 683899 * 2 call 6849d2 call 68171d * 2 call 6b5b70 call 683899 * 2 call 6849d2 1546->1563 1564 68536d-685416 call 689bb0 call 689940 call 681b84 call 681be0 GetLastError call 686140 call 6861b0 call 684190 call 68136c call 6fea46 1546->1564 1547->1570 1550->1533 1615 685522-685591 call 684a04 call 68171d call 6b5b70 call 683899 * 2 1563->1615 1616 685596-6855a8 call 6849d2 1563->1616 1564->1563 1570->1550 1615->1616 1622 6855aa-68560c call 68171d * 2 call 6b5b70 call 683899 * 2 1616->1622 1623 685611-68564f call 684a4a 1616->1623 1622->1623 1641 685698-6856a9 call 684b92 1623->1641 1642 685651-685693 call 689bb0 call 689940 call 681b84 call 686220 call 68136c 1623->1642 1650 68571b-685729 call 683a88 1641->1650 1651 6856ab-685716 call 689bb0 call 689940 call 681b84 call 681be0 1641->1651 1642->1641 1655 68572e-685733 1650->1655 1690 685887-68588c call 68136c 1651->1690 1658 685739-68573b 1655->1658 1659 6857ed-685802 call 687d7c 1655->1659 1662 68573d-685740 1658->1662 1663 685746-68575b call 687d7c 1658->1663 1671 685804 1659->1671 1672 685806-685881 call 68372a call 689bb0 call 689940 call 681b84 call 681be0 call 686290 1659->1672 1662->1659 1662->1663 1675 68575d 1663->1675 1676 68575f-6857e8 call 68372a call 689bb0 call 689940 call 681b84 call 681be0 call 686290 call 68136c 1663->1676 1671->1672 1672->1690 1675->1676 1700 68588f-685892 call 683899 1676->1700 1690->1700 1700->1533
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006AD6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00684E6C,3536BAD2), ref: 006AD6D5
                                                                                                                                                                              • Part of subcall function 006AD6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 006AD6E5
                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000000,3536BAD2), ref: 00684F3E
                                                                                                                                                                            • CommandLineToArgvW.SHELL32(?,?), ref: 00685226
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00685276
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 006852A8
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 006852F3
                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0068535F
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002), ref: 006853AE
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000001), ref: 006858E9
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                              • Part of subcall function 0068136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006813A5
                                                                                                                                                                            • CoUninitialize.OLE32(?,00000001), ref: 006858D4
                                                                                                                                                                              • Part of subcall function 00696BD0: __Mtx_init_in_situ.LIBCPMT ref: 00696CC0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                            • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                            • API String ID: 126520999-360321973
                                                                                                                                                                            • Opcode ID: 5be39961cbe60803fe5a6c04e967fbd7fbd753a5db36ea4691904e0fff21e309
                                                                                                                                                                            • Instruction ID: 6e07b2687f2364ad7f5b158fd641d54266c944cf1c823d899cd5678edf9fd197
                                                                                                                                                                            • Opcode Fuzzy Hash: 5be39961cbe60803fe5a6c04e967fbd7fbd753a5db36ea4691904e0fff21e309
                                                                                                                                                                            • Instruction Fuzzy Hash: 7D6271B0900249DFDF54EFA4C895BED7B76AF04304F5082ADF80A67281DB749E49CBA5
                                                                                                                                                                            Function 006BEFC0 Relevance: 65.5, APIs: 13, Strings: 24, Instructions: 743COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1717 6befc0-6bf053 call 6d41f0 call 6d4430 1722 6bf07f-6bf13b call 6bea50 call 6fa920 * 2 1717->1722 1723 6bf055-6bf06b call 6b8650 1717->1723 1738 6bf168-6bf170 1722->1738 1739 6bf13d-6bf163 GetLastError call 6be9b0 1722->1739 1726 6bf070-6bf07a 1723->1726 1728 6bfa58-6bfa83 call 6d4210 call 6f8367 1726->1728 1741 6bf18d-6bf1ab call 6d4280 1738->1741 1742 6bf172-6bf186 1738->1742 1746 6bf3cb-6bf3e6 call 6b8650 1739->1746 1748 6bf1d8-6bf209 call 6d4480 1741->1748 1749 6bf1ad-6bf1d3 GetLastError call 6be9b0 1741->1749 1742->1741 1746->1728 1755 6bf20b-6bf231 GetLastError call 6be9b0 1748->1755 1756 6bf236-6bf255 call 6d4250 1748->1756 1749->1746 1755->1746 1761 6bf289-6bf29a call 6d4640 1756->1761 1762 6bf257-6bf286 call 6b8650 1756->1762 1767 6bf29c-6bf2ee GetLastError call 6be9b0 call 6b8650 1761->1767 1768 6bf2f3-6bf300 call 6d4620 1761->1768 1762->1761 1767->1728 1775 6bf329-6bf33f call 6d4560 1768->1775 1776 6bf302-6bf324 GetLastError call 6be9b0 1768->1776 1782 6bf389-6bf3a7 call 6d44c0 1775->1782 1783 6bf341-6bf384 GetLastError call 6be9b0 call 6b8650 1775->1783 1776->1746 1789 6bf3eb-6bf41a call 70594f 1782->1789 1790 6bf3a9-6bf3c6 GetLastError call 6be9b0 1782->1790 1783->1728 1796 6bf45a-6bf461 1789->1796 1797 6bf41c-6bf455 call 6be9b0 call 6b8650 1789->1797 1790->1746 1799 6bf463-6bf48f 1796->1799 1800 6bf4c2-6bf4db call 6c08c0 1796->1800 1811 6bfa4f-6bfa50 call 6fe960 1797->1811 1803 6bf495-6bf49e 1799->1803 1807 6bf4e0-6bf501 call 6844b2 1800->1807 1803->1803 1806 6bf4a0-6bf4c0 call 68347e 1803->1806 1806->1807 1816 6bf51d-6bf523 1807->1816 1817 6bf503-6bf517 call 6838d0 1807->1817 1815 6bfa55 1811->1815 1815->1728 1819 6bf530-6bf537 1816->1819 1820 6bf525-6bf52b call 6838d0 1816->1820 1817->1816 1823 6bf539-6bf53f 1819->1823 1824 6bf5a0-6bf5de call 6c0230 1819->1824 1820->1819 1826 6bf561-6bf582 call 6b8650 1823->1826 1827 6bf541-6bf55f call 6b8650 1823->1827 1833 6bf5e0-6bf5e6 1824->1833 1834 6bf657-6bf669 call 6838d0 1824->1834 1835 6bf585-6bf59b call 6be9b0 1826->1835 1827->1835 1837 6bf5e8-6bf5f7 1833->1837 1838 6bf625-6bf654 1833->1838 1843 6bf66b 1834->1843 1844 6bf66d-6bf676 PathFileExistsW 1834->1844 1853 6bfa44-6bfa4a call 6838d0 1835->1853 1841 6bf5f9-6bf607 1837->1841 1842 6bf60f-6bf61f call 6f8375 1837->1842 1838->1834 1846 6bfadf-6bfb00 call 6fd60f 1841->1846 1847 6bf60d 1841->1847 1842->1838 1843->1844 1851 6bf83d-6bf844 1844->1851 1852 6bf67c-6bf68b 1844->1852 1862 6bfb0d-6bfb11 1846->1862 1863 6bfb02-6bfb0a call 6f8375 1846->1863 1847->1842 1856 6bf848-6bf86a CreateFileW 1851->1856 1857 6bf846 1851->1857 1858 6bf8b8-6bf8bc 1852->1858 1859 6bf691-6bf6a4 1852->1859 1853->1811 1864 6bf8fa-6bf942 call 6d35a0 call 6d45f0 1856->1864 1865 6bf870-6bf8b3 call 6be9b0 call 6b8650 1856->1865 1857->1856 1860 6bf8be 1858->1860 1861 6bf8c0-6bf8f5 call 6b8650 call 6be9b0 1858->1861 1866 6bfada call 6834d0 1859->1866 1867 6bf6aa-6bf6ae 1859->1867 1860->1861 1861->1853 1863->1862 1894 6bf948 1864->1894 1895 6bf9d6-6bfa1a CloseHandle call 6d35f0 call 68149c 1864->1895 1865->1853 1866->1846 1872 6bf6b8-6bf6f2 1867->1872 1873 6bf6b0-6bf6b2 1867->1873 1878 6bf739-6bf7ba call 6fa3a0 DeleteFileW 1872->1878 1879 6bf6f4-6bf6ff 1872->1879 1873->1872 1892 6bf7be-6bf7ca call 7065f0 1878->1892 1893 6bf7bc 1878->1893 1884 6bf708-6bf70f 1879->1884 1885 6bf701-6bf706 1879->1885 1890 6bf712-6bf733 call 6833c3 1884->1890 1885->1890 1890->1878 1905 6bf82e-6bf838 call 6838d0 1892->1905 1906 6bf7cc-6bf7ee call 6fd73d call 6be9b0 1892->1906 1893->1892 1900 6bf950-6bf958 1894->1900 1916 6bfa1c-6bfa1f 1895->1916 1917 6bfa24-6bfa33 call 6be9b0 1895->1917 1900->1895 1904 6bf95a-6bf973 WriteFile 1900->1904 1908 6bf979-6bf9c9 call 6be990 call 6d4140 call 6d45f0 1904->1908 1909 6bfa86-6bfad5 call 6be9b0 call 6b8650 CloseHandle 1904->1909 1905->1851 1930 6bf7f2-6bf829 call 6b8650 call 6838d0 1906->1930 1931 6bf7f0 1906->1931 1934 6bf9ce-6bf9d0 1908->1934 1927 6bfa3a 1909->1927 1916->1917 1917->1927 1927->1853 1930->1853 1931->1930 1934->1895 1934->1900
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006BF13D
                                                                                                                                                                              • Part of subcall function 006B8650: std::locale::_Init.LIBCPMT ref: 006B882F
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 006BFAC8
                                                                                                                                                                              • Part of subcall function 006FE960: _free.LIBCMT ref: 006FE973
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                            • String ID: <$<Zt$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                            • API String ID: 2292809486-3214122793
                                                                                                                                                                            • Opcode ID: 5d5ccc8395e85c1e5211ea5cceab998449215e320382edd64a3401074d90ba0f
                                                                                                                                                                            • Instruction ID: b2a8603c241c89290221044fdc301affcb2ac3198bec23cb8b5ccf122aeb41b3
                                                                                                                                                                            • Opcode Fuzzy Hash: 5d5ccc8395e85c1e5211ea5cceab998449215e320382edd64a3401074d90ba0f
                                                                                                                                                                            • Instruction Fuzzy Hash: CC628EF0A40619ABDB24DB14CC45FE9B7B6AF44304F0041E9F619672A2DB74AEC4CF99
                                                                                                                                                                            Function 006C65F0 Relevance: 38.9, APIs: 4, Strings: 18, Instructions: 416COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2370 6c65f0-6c6642 2371 6c6644 2370->2371 2372 6c6646-6c664a 2370->2372 2371->2372 2373 6c68c4-6c68de 2372->2373 2374 6c6650-6c6662 call 681b0c 2372->2374 2375 6c6a8f-6c6aa3 call 6f88fa 2373->2375 2376 6c68e4-6c6900 call 6b1ac0 2373->2376 2374->2373 2383 6c6668-6c6690 2374->2383 2375->2376 2384 6c6aa9-6c6cc3 call 6c60c0 * 3 call 68347e call 6c60c0 * 2 call 68347e * 4 call 6c6400 call 6f85d4 call 6f85bf call 6f88b0 2375->2384 2385 6c695a-6c6960 2376->2385 2386 6c6902-6c6912 2376->2386 2387 6c6696-6c66be 2383->2387 2388 6c6712 2383->2388 2384->2376 2391 6c6964-6c69a1 call 6b8650 2385->2391 2392 6c6962 2385->2392 2393 6c6914 2386->2393 2394 6c6916-6c6923 2386->2394 2395 6c66c4-6c66cd 2387->2395 2390 6c6719-6c6727 2388->2390 2399 6c6729-6c672f call 6838d0 2390->2399 2400 6c6734-6c673b 2390->2400 2415 6c69a4-6c69ad 2391->2415 2392->2391 2393->2394 2396 6c692d-6c694e call 681b0c 2394->2396 2397 6c6925-6c6927 2394->2397 2395->2395 2402 6c66cf-6c6710 call 68347e call 6b93a0 2395->2402 2417 6c69db-6c69e4 2396->2417 2418 6c6954 2396->2418 2397->2396 2399->2400 2407 6c673d-6c677c call 6b8650 2400->2407 2408 6c67a8-6c67df call 6fa920 2400->2408 2402->2388 2402->2390 2428 6c6780-6c6789 2407->2428 2425 6c681d 2408->2425 2426 6c67e1-6c67f5 2408->2426 2415->2415 2422 6c69af-6c69b7 call 68347e 2415->2422 2417->2385 2423 6c69ea-6c69f6 2417->2423 2418->2385 2418->2423 2435 6c69bc-6c69d8 call 6f8367 2422->2435 2423->2385 2430 6c69fc-6c6a1c SHGetKnownFolderPath 2423->2430 2432 6c681f-6c6843 GetEnvironmentVariableW 2425->2432 2426->2425 2431 6c67f7-6c67fd 2426->2431 2428->2428 2434 6c678b-6c67a3 call 68347e call 6838d0 2428->2434 2436 6c6a1e-6c6a22 2430->2436 2437 6c6a54-6c6a8a call 6814a1 CoTaskMemFree call 6844b2 call 6838d0 2430->2437 2438 6c6800 2431->2438 2439 6c686e-6c68b1 GetLastError call 6b8650 2432->2439 2440 6c6845-6c684a 2432->2440 2434->2435 2444 6c6a24 2436->2444 2445 6c6a26-6c6a4f call 6b8650 call 6814a1 2436->2445 2437->2435 2438->2425 2447 6c6802-6c6805 2438->2447 2462 6c68b4-6c68bd 2439->2462 2440->2439 2449 6c684c-6c6865 call 6814a1 call 6838d0 2440->2449 2444->2445 2445->2435 2456 6c686a-6c686c 2447->2456 2457 6c6807-6c681b 2447->2457 2449->2435 2456->2432 2457->2425 2457->2438 2462->2462 2469 6c68bf 2462->2469 2469->2373
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 006C683B
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006C686E
                                                                                                                                                                            • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 006C6A15
                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 006C6A6B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                            • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                            • API String ID: 3946049928-1874136459
                                                                                                                                                                            • Opcode ID: 5c98aa0b7ef40e48dba9a4b6b92b29fc927f56ab66e2b5f4a22bd37bf8a29952
                                                                                                                                                                            • Instruction ID: 56144b533d1c3a999673bc15b7156c9d71b4c1c4a94e000a3111c4be7b9536aa
                                                                                                                                                                            • Opcode Fuzzy Hash: 5c98aa0b7ef40e48dba9a4b6b92b29fc927f56ab66e2b5f4a22bd37bf8a29952
                                                                                                                                                                            • Instruction Fuzzy Hash: 3702C1B0A00358DADB64DF64CC49BEDB7B2EF14704F10459DE40967291EBB86AC8CF69
                                                                                                                                                                            Function 006BEAA0 Relevance: 37.8, APIs: 8, Strings: 17, Instructions: 326COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2492 6beaa0-6beb46 call 6d41f0 call 6d4430 2497 6bec1b-6bec28 2492->2497 2498 6beb4c-6bebf6 call 6fa920 * 2 2492->2498 2500 6bef5b-6bef83 call 6d4210 call 6f8367 2497->2500 2509 6bebf8-6bec18 GetLastError call 6b8650 2498->2509 2510 6bec2d-6bec35 2498->2510 2509->2497 2512 6bec52-6bec6d call 6d4280 2510->2512 2513 6bec37-6bec4b 2510->2513 2517 6bec6f-6bec9f GetLastError call 6b8650 2512->2517 2518 6beca4-6becd5 call 6d4480 2512->2518 2513->2512 2517->2500 2523 6bed0c-6bed2b call 6d4250 2518->2523 2524 6becd7-6bed07 GetLastError call 6b8650 2518->2524 2529 6bed2d-6bed49 GetLastError call 6b8650 2523->2529 2530 6bed4c-6bed5d call 6d4640 2523->2530 2524->2500 2529->2530 2535 6bed5f-6beda0 GetLastError call 6b8650 2530->2535 2536 6beda5-6bedb2 call 6d4620 2530->2536 2535->2500 2541 6bede5-6bedfb call 6d4560 2536->2541 2542 6bedb4-6bede0 GetLastError call 6b8650 2536->2542 2547 6bedfd-6bee2f GetLastError call 6b8650 2541->2547 2548 6bee34-6bee52 call 6d44c0 2541->2548 2542->2500 2547->2500 2553 6bee88-6beea4 call 70594f 2548->2553 2554 6bee54-6bee83 GetLastError call 6b8650 2548->2554 2559 6beeda-6bef01 call 6d45f0 2553->2559 2560 6beea6-6beed5 call 6b8650 call 6fe960 2553->2560 2554->2500 2563 6bef06-6bef08 2559->2563 2560->2500 2566 6bef0a 2563->2566 2567 6bef46-6bef58 call 6fe960 2563->2567 2569 6bef10-6bef18 2566->2569 2567->2500 2569->2567 2571 6bef1a-6bef22 2569->2571 2573 6bef86-6befb9 call 6b8650 call 6fe960 2571->2573 2574 6bef24-6bef44 call 6d45f0 2571->2574 2573->2500 2574->2567 2574->2569
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2), ref: 006BEBF9
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2,?,00000000,?), ref: 006BEC70
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 006BECD8
                                                                                                                                                                              • Part of subcall function 006B8650: std::locale::_Init.LIBCPMT ref: 006B882F
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 006BED2E
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 006BED75
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                            • String ID: @]k$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
                                                                                                                                                                            • API String ID: 1579124236-2715288634
                                                                                                                                                                            • Opcode ID: 94c4d632090fb1490cc9408042dffd6468f740763bff43d38d7bf1d635edbfa9
                                                                                                                                                                            • Instruction ID: 39b217dbd3ba79c8d56a714bf17613b8fb152f10627066072a51a1f58c4efd9b
                                                                                                                                                                            • Opcode Fuzzy Hash: 94c4d632090fb1490cc9408042dffd6468f740763bff43d38d7bf1d635edbfa9
                                                                                                                                                                            • Instruction Fuzzy Hash: 0FC182F0A4071DABEB209F10CC86BE9B769AF15704F404199F609672C2EBB55EC4CB69
                                                                                                                                                                            Function 006B9400 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 871libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2581 6b9400-6b9483 GetModuleHandleW 2582 6b94c2 2581->2582 2583 6b9485-6b9495 GetProcAddress 2581->2583 2584 6b94c4-6b94dc 2582->2584 2583->2582 2585 6b9497-6b94b3 GetCurrentProcess 2583->2585 2586 6b94e0-6b94e9 2584->2586 2585->2582 2589 6b94b5-6b94bc 2585->2589 2586->2586 2588 6b94eb-6b952f call 68347e 2586->2588 2593 6b9530-6b9539 2588->2593 2589->2582 2591 6b94be-6b94c0 2589->2591 2591->2584 2593->2593 2594 6b953b-6b9567 call 68347e call 6b8c60 2593->2594 2599 6b9569-6b9580 call 68347e 2594->2599 2600 6b9585-6b9592 2594->2600 2599->2600 2602 6b95c9-6b95f6 2600->2602 2603 6b9594-6b95a9 2600->2603 2606 6b95f8-6b960d 2602->2606 2607 6b962d-6b9674 call 6b91a0 2602->2607 2604 6b95ab-6b95b9 2603->2604 2605 6b95bf-6b95c6 call 6f8375 2603->2605 2604->2605 2608 6ba108-6ba121 call 6fd60f 2604->2608 2605->2602 2610 6b960f-6b961d 2606->2610 2611 6b9623-6b962a call 6f8375 2606->2611 2617 6b9677-6b9680 2607->2617 2610->2608 2610->2611 2611->2607 2617->2617 2620 6b9682-6b96a8 call 68347e call 6b8c60 2617->2620 2625 6b96aa-6b96b1 2620->2625 2626 6b96be-6b96cb 2620->2626 2627 6b96b3 2625->2627 2628 6b96b5-6b96b9 call 68347e 2625->2628 2629 6b96cd-6b96e2 2626->2629 2630 6b9702-6b972f 2626->2630 2627->2628 2628->2626 2634 6b96f8-6b96ff call 6f8375 2629->2634 2635 6b96e4-6b96f2 2629->2635 2631 6b9731-6b9746 2630->2631 2632 6b9766-6b97c9 call 6fa920 GetModuleFileNameW 2630->2632 2636 6b9748-6b9756 2631->2636 2637 6b975c-6b9763 call 6f8375 2631->2637 2644 6b97cb-6b97fb GetLastError call 6b8650 2632->2644 2645 6b9816-6b9884 call 6c0750 call 683f22 call 6838d0 call 6fa920 GetLongPathNameW 2632->2645 2634->2630 2635->2634 2636->2637 2637->2632 2651 6b9800-6b9809 2644->2651 2663 6b98eb-6b98f1 2645->2663 2664 6b9886-6b98e8 GetLastError call 6b8650 call 6fea46 2645->2664 2651->2651 2653 6b980b-6b9811 2651->2653 2655 6b990b-6b9948 call 68347e 2653->2655 2660 6b9950-6b9959 2655->2660 2660->2660 2662 6b995b-6b9987 call 68347e call 6b8c60 2660->2662 2675 6b9989-6b99a0 call 68347e 2662->2675 2676 6b99a5-6b99b2 2662->2676 2667 6b98f4-6b98fd 2663->2667 2664->2663 2667->2667 2670 6b98ff-6b990a 2667->2670 2670->2655 2675->2676 2678 6b99e9-6b9a16 2676->2678 2679 6b99b4-6b99c9 2676->2679 2680 6b9a18-6b9a2d 2678->2680 2681 6b9a4d-6b9abf call 68347e 2678->2681 2682 6b99cb-6b99d9 2679->2682 2683 6b99df-6b99e6 call 6f8375 2679->2683 2684 6b9a2f-6b9a3d 2680->2684 2685 6b9a43-6b9a4a call 6f8375 2680->2685 2692 6b9ac0-6b9ac9 2681->2692 2682->2683 2683->2678 2684->2685 2685->2681 2692->2692 2693 6b9acb-6b9af7 call 68347e call 6b8c60 2692->2693 2698 6b9af9-6b9b10 call 68347e 2693->2698 2699 6b9b15-6b9b22 2693->2699 2698->2699 2701 6b9b59-6b9b86 2699->2701 2702 6b9b24-6b9b39 2699->2702 2705 6b9b88-6b9b9d 2701->2705 2706 6b9bbd-6b9c2f call 68347e 2701->2706 2703 6b9b3b-6b9b49 2702->2703 2704 6b9b4f-6b9b56 call 6f8375 2702->2704 2703->2704 2704->2701 2708 6b9b9f-6b9bad 2705->2708 2709 6b9bb3-6b9bba call 6f8375 2705->2709 2714 6b9c30-6b9c39 2706->2714 2708->2709 2709->2706 2714->2714 2716 6b9c3b-6b9c67 call 68347e call 6b8c60 2714->2716 2721 6b9c69-6b9c80 call 68347e 2716->2721 2722 6b9c85-6b9c92 2716->2722 2721->2722 2724 6b9cc9-6b9cf6 2722->2724 2725 6b9c94-6b9ca9 2722->2725 2726 6b9cf8-6b9d0d 2724->2726 2727 6b9d2d-6b9d69 call 6b8f20 call 6ba130 2724->2727 2728 6b9cab-6b9cb9 2725->2728 2729 6b9cbf-6b9cc6 call 6f8375 2725->2729 2730 6b9d0f-6b9d1d 2726->2730 2731 6b9d23-6b9d2a call 6f8375 2726->2731 2740 6b9d6b-6b9d6d 2727->2740 2741 6b9d72-6b9dae call 6b8f60 call 6ba130 2727->2741 2728->2729 2729->2724 2730->2731 2731->2727 2740->2741 2746 6b9db0-6b9db2 2741->2746 2747 6b9db7-6b9df3 call 6b8ee0 call 6ba130 2741->2747 2746->2747 2752 6b9dfc-6b9e38 call 6b9120 call 6ba130 2747->2752 2753 6b9df5-6b9df7 2747->2753 2758 6b9e3a-6b9e3c 2752->2758 2759 6b9e41-6b9e7d call 6b9120 call 6ba130 2752->2759 2753->2752 2758->2759 2764 6b9e7f-6b9e81 2759->2764 2765 6b9e86-6b9ec2 call 6b90e0 call 6ba130 2759->2765 2764->2765 2770 6b9ecb-6b9f07 call 6b9160 call 6ba130 2765->2770 2771 6b9ec4-6b9ec6 2765->2771 2776 6b9f09-6b9f0b 2770->2776 2777 6b9f10-6b9f4c call 6b9060 call 6ba130 2770->2777 2771->2770 2776->2777 2782 6b9f4e-6b9f50 2777->2782 2783 6b9f55-6b9f91 call 6b9060 call 6ba130 2777->2783 2782->2783 2788 6b9f9a-6b9fd6 call 6b9020 call 6ba130 2783->2788 2789 6b9f93-6b9f95 2783->2789 2794 6b9fd8-6b9fda 2788->2794 2795 6b9fdf-6ba01b call 6b90a0 call 6ba130 2788->2795 2789->2788 2794->2795 2800 6ba01d-6ba01f 2795->2800 2801 6ba024-6ba060 call 6b8fa0 call 6ba130 2795->2801 2800->2801 2806 6ba069-6ba0a5 call 6b8fe0 call 6ba130 2801->2806 2807 6ba062-6ba064 2801->2807 2812 6ba0ae-6ba0e3 call 6b8ea0 call 6ba130 2806->2812 2813 6ba0a7-6ba0a9 2806->2813 2807->2806 2818 6ba0ec-6ba107 call 6f8367 2812->2818 2819 6ba0e5-6ba0e7 2812->2819 2813->2812 2819->2818
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,3536BAD2,?), ref: 006B947B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006B948B
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 006B94A8
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0075A52C,0075A52A), ref: 006B97C1
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0075A52C,0075A52A), ref: 006B97CB
                                                                                                                                                                            • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 006B987C
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006B989A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                            • String ID: $wt$0pt$0wt$1.1$<wt$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32$>t$rt$vt
                                                                                                                                                                            • API String ID: 891933594-3068913677
                                                                                                                                                                            • Opcode ID: 7230c12a4184161d6e863a1c7533d461c6d2fb6450068efdcbf6a730234e87f5
                                                                                                                                                                            • Instruction ID: 06078f36237f879c4aeb36ee88f28082054692ad285f065de694c9cd63b16155
                                                                                                                                                                            • Opcode Fuzzy Hash: 7230c12a4184161d6e863a1c7533d461c6d2fb6450068efdcbf6a730234e87f5
                                                                                                                                                                            • Instruction Fuzzy Hash: 4D728CB0A002189FDB64DF64CC85BDDB7B6AF49304F1041DCE609AB291DB74AE84CF69
                                                                                                                                                                            Function 006BBC60 Relevance: 33.8, APIs: 2, Strings: 17, Instructions: 570fileCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 2822 6bbc60-6bbd0a call 68347e 2825 6bbd0e-6bbd14 2822->2825 2826 6bbd0c 2822->2826 2827 6bbd18-6bbd39 call 6bfbe0 2825->2827 2828 6bbd16 2825->2828 2826->2825 2831 6bbd3b-6bbd3f 2827->2831 2832 6bbd6e-6bbd94 PathFindExtensionW call 702041 2827->2832 2828->2827 2834 6bbd43-6bbd63 call 6b8650 2831->2834 2835 6bbd41 2831->2835 2838 6bbdaa-6bbdbe 2832->2838 2839 6bbd96-6bbda8 call 702041 2832->2839 2844 6bbd69 2834->2844 2845 6bbe5d-6bbe5f 2834->2845 2835->2834 2842 6bbdc9-6bbdce call 6ceb20 2838->2842 2843 6bbdc0-6bbdc5 call 6e21d0 2838->2843 2839->2838 2850 6bbdea-6bbdfa call 6bbbf0 2839->2850 2857 6bbdd1-6bbdd3 2842->2857 2851 6bbdc7 2843->2851 2849 6bbe4b-6bbe57 DeleteFileW 2844->2849 2848 6bbe63-6bbe69 2845->2848 2853 6bbe6b-6bbe7d 2848->2853 2854 6bbe99-6bbeb3 2848->2854 2849->2845 2868 6bbdfc-6bbe0e 2850->2868 2869 6bbe61 2850->2869 2851->2857 2859 6bbe8f-6bbe96 call 6f8375 2853->2859 2860 6bbe7f-6bbe8d 2853->2860 2855 6bbee3-6bbf00 call 6f8367 2854->2855 2856 6bbeb5-6bbec7 2854->2856 2864 6bbed9-6bbee0 call 6f8375 2856->2864 2865 6bbec9-6bbed7 2856->2865 2857->2850 2867 6bbdd5-6bbde8 2857->2867 2859->2854 2860->2859 2863 6bbf03-6bbf63 call 6fd60f 2860->2863 2882 6bbf65-6bbf6f 2863->2882 2883 6bbf74-6bc0e0 call 68347e call 6b67e0 call 6838d0 call 68347e call 6b67e0 call 6838d0 call 68347e call 6b67e0 call 6838d0 call 68347e call 6b67e0 call 6838d0 call 68347e call 6b67e0 call 6838d0 2863->2883 2864->2855 2865->2863 2865->2864 2874 6bbe37-6bbe48 call 6b8650 2867->2874 2875 6bbe12-6bbe1f call 702041 2868->2875 2876 6bbe10 2868->2876 2869->2848 2874->2849 2875->2869 2888 6bbe21-6bbe32 2875->2888 2876->2875 2885 6bc387-6bc39d call 6b8650 2882->2885 2927 6bc37d-6bc382 2883->2927 2928 6bc0e6-6bc0ee 2883->2928 2893 6bc39f-6bc3a4 2885->2893 2888->2874 2895 6bc3c7-6bc3e4 call 6f8367 2893->2895 2896 6bc3a6-6bc3b0 2893->2896 2896->2895 2897 6bc3b2-6bc3be 2896->2897 2897->2895 2904 6bc3c0-6bc3c2 2897->2904 2904->2895 2927->2885 2928->2927 2929 6bc0f4-6bc0fc 2928->2929 2930 6bc0fe-6bc113 call 6814a1 2929->2930 2931 6bc115-6bc121 call 6814c1 2929->2931 2936 6bc126-6bc13c call 6844b2 2930->2936 2931->2936 2939 6bc13e-6bc147 call 6838d0 2936->2939 2940 6bc14c-6bc153 2936->2940 2939->2940 2942 6bc166-6bc171 2940->2942 2943 6bc155-6bc161 call 6838d0 2940->2943 2944 6bc188-6bc197 call 6814c1 2942->2944 2945 6bc173-6bc186 call 6814a1 2942->2945 2943->2942 2951 6bc19a-6bc1b0 call 6844b2 2944->2951 2945->2951 2954 6bc1c3-6bc1ca 2951->2954 2955 6bc1b2-6bc1be call 6838d0 2951->2955 2957 6bc1dd-6bc1e5 2954->2957 2958 6bc1cc-6bc1d8 call 6838d0 2954->2958 2955->2954 2960 6bc1fc-6bc20b call 6814c1 2957->2960 2961 6bc1e7-6bc1fa call 6814a1 2957->2961 2958->2957 2966 6bc20e-6bc221 call 6844b2 2960->2966 2961->2966 2969 6bc223-6bc22c call 6838d0 2966->2969 2970 6bc231-6bc238 2966->2970 2969->2970 2972 6bc23a-6bc240 call 6838d0 2970->2972 2973 6bc245-6bc25e call 6ba380 2970->2973 2972->2973 2977 6bc346-6bc34b 2973->2977 2978 6bc264-6bc271 call 6ba380 2973->2978 2980 6bc34d-6bc35e call 6b8650 2977->2980 2978->2977 2984 6bc277-6bc284 call 6ba380 2978->2984 2985 6bc361 2980->2985 2984->2977 2990 6bc28a-6bc297 2984->2990 2987 6bc363-6bc37b call 6838d0 * 3 2985->2987 2987->2893 2992 6bc29b-6bc2aa call 724db0 2990->2992 2993 6bc299 2990->2993 2999 6bc2cf-6bc301 call 6814a1 call 6b67e0 call 6838d0 2992->2999 3000 6bc2ac-6bc2ca call 6b8650 2992->3000 2993->2992 3010 6bc323-6bc33d call 6bbc60 2999->3010 3011 6bc303-6bc310 call 6ba380 2999->3011 3000->2985 3015 6bc342-6bc344 3010->3015 3016 6bc31b-6bc31f 3011->3016 3017 6bc312-6bc319 3011->3017 3015->2987 3016->3010 3018 6bc321 3016->3018 3017->2980 3018->3010
                                                                                                                                                                            APIs
                                                                                                                                                                            • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0075BFD0,00000000,3536BAD2), ref: 006BBD7A
                                                                                                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 006BBE57
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                            • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                            • API String ID: 3618814920-733304951
                                                                                                                                                                            • Opcode ID: 9a1a3467c6b7eee89d3089544776c5fc29fa4b6acd3af2f5df98e50c3e18545e
                                                                                                                                                                            • Instruction ID: 6ad97990309fedcce88b391bdda7d879fc7f4b699ba58eaa8dec1636f3dfb40b
                                                                                                                                                                            • Opcode Fuzzy Hash: 9a1a3467c6b7eee89d3089544776c5fc29fa4b6acd3af2f5df98e50c3e18545e
                                                                                                                                                                            • Instruction Fuzzy Hash: 55229EB1E00208DFDB10DFA4CC95BEEB7B6AF04714F50415DE515A7282DB78AA89CF64
                                                                                                                                                                            Function 00690890 Relevance: 30.3, APIs: 13, Strings: 4, Instructions: 560COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 3210 690890-6908e2 call 6e3bab 3213 6908e8-6908ee 3210->3213 3214 691045-691046 call 6e3faf 3210->3214 3215 690a53-690a70 call 6fa920 3213->3215 3216 6908f4-69090b ConvertStringSecurityDescriptorToSecurityDescriptorW 3213->3216 3221 69104b call 6fd60f 3214->3221 3227 690a72 3215->3227 3228 690a75-690ab6 call 693110 3215->3228 3219 69101f-691042 call 6e3bbc call 6f8367 3216->3219 3220 690911-690939 3216->3220 3223 69093b 3220->3223 3224 69093d-690942 3220->3224 3231 691050-691053 3221->3231 3223->3224 3229 690945-69094e 3224->3229 3227->3228 3242 690fa9-69101c call 692b90 call 6e2bfd 3228->3242 3243 690abc-690ac0 3228->3243 3229->3229 3233 690950-69099f call 68f520 call 68e640 3229->3233 3235 69105c-691069 3231->3235 3236 691055-69105a 3231->3236 3250 6909a4-6909bf 3233->3250 3237 69106c-691098 call 682a82 call 6828d1 call 6fa332 3235->3237 3236->3237 3242->3219 3247 690d19-690d26 3243->3247 3248 690ac6-690bba call 6f8713 call 6fa920 call 6e3367 call 6e3184 call 6e33f6 call 683128 call 6e3084 call 6e31e9 3243->3248 3254 690d28 3247->3254 3255 690d2a-690d53 call 6889b0 3247->3255 3332 690bbc-690bcc call 6e3367 3248->3332 3333 690bef-690c12 call 6e5688 3248->3333 3256 6909fc-690a1b 3250->3256 3257 6909c1-6909d6 3250->3257 3254->3255 3270 690d59-690d70 call 682c9c 3255->3270 3271 690e00-690e0a 3255->3271 3267 690a1d-690a1f 3256->3267 3268 690a31-690a40 3256->3268 3262 6909d8-6909e6 3257->3262 3263 6909ec-6909f9 call 6f8375 3257->3263 3262->3221 3262->3263 3263->3256 3267->3219 3274 690a25-690a2c LocalFree 3267->3274 3276 690a51 3268->3276 3277 690a42-690a4f LocalFree 3268->3277 3285 690db8-690dc3 call 6e38a1 3270->3285 3286 690d72-690d8a 3270->3286 3271->3242 3280 690e10-690e3a call 682c9c 3271->3280 3274->3219 3276->3215 3277->3215 3289 690e89-690eb2 call 6e38a1 3280->3289 3290 690e3c-690e6c call 692380 3280->3290 3300 690dcd-690de5 3285->3300 3301 690dc5-690dc8 call 682510 3285->3301 3286->3285 3312 690d8c-690db2 3286->3312 3306 690ebc 3289->3306 3307 690eb4-690eb7 call 682510 3289->3307 3313 690e6e-690e79 call 6e38a1 3290->3313 3304 690dfc 3300->3304 3305 690de7-690df4 3300->3305 3301->3300 3304->3271 3305->3304 3311 690ec0-690ed4 3306->3311 3307->3306 3317 690eeb-690f0d 3311->3317 3318 690ed6-690ee3 3311->3318 3312->3231 3312->3285 3322 690e7b-690e7e call 682510 3313->3322 3323 690e83-690e87 3313->3323 3317->3242 3320 690f13 3317->3320 3318->3317 3324 690f1e-690f2b call 693030 3320->3324 3325 690f15-690f18 3320->3325 3322->3323 3323->3311 3335 690f78-690f82 3324->3335 3336 690f2d-690f63 3324->3336 3325->3242 3325->3324 3346 690bde-690bec call 6e33bf 3332->3346 3347 690bce-690bd9 3332->3347 3343 690c5f-690c7e call 692c50 3333->3343 3344 690c14-690c16 3333->3344 3340 690f84 3335->3340 3341 690f86-690fa4 call 68e790 call 691740 3335->3341 3336->3335 3339 690f65-690f68 3336->3339 3339->3235 3345 690f6e-690f73 3339->3345 3340->3341 3341->3242 3359 690caf-690cb4 3343->3359 3360 690c80-690c9a 3343->3360 3349 690c18-690c1e call 6fe960 3344->3349 3350 690c21-690c2d 3344->3350 3345->3237 3346->3333 3347->3346 3349->3350 3356 690c30-690c34 3350->3356 3356->3356 3362 690c36-690c4e call 70594f 3356->3362 3364 690ce2-690ceb 3359->3364 3365 690cb6-690ccd 3359->3365 3360->3359 3374 690c9c-690caa 3360->3374 3362->3343 3369 690c50-690c5c call 6fa3a0 3362->3369 3364->3247 3367 690ced-690d04 3364->3367 3365->3364 3377 690ccf-690cdd 3365->3377 3367->3247 3380 690d06-690d14 3367->3380 3369->3343 3374->3359 3377->3364 3380->3247
                                                                                                                                                                            APIs
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00690903
                                                                                                                                                                            • LocalFree.KERNEL32(?,?), ref: 00690A26
                                                                                                                                                                            • LocalFree.KERNEL32(?,?), ref: 00690A43
                                                                                                                                                                              • Part of subcall function 00682510: __EH_prolog3_catch.LIBCMT ref: 00682517
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00690B08
                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00690B50
                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00690B86
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00690B97
                                                                                                                                                                            • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00690BA4
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00690BC0
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00690BE1
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00690BF2
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00691017
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00691020
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockitstd::locale::_$DescriptorFreeLocalLocimp::_Lockit::_Security$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimpLocimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockNew_Stringstd::ios_base::_
                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 4127577005-3388121372
                                                                                                                                                                            • Opcode ID: b22314d69f6a3fbe884a504c4f4dc4ee2764479bbaed8d22172d92428b6ca81a
                                                                                                                                                                            • Instruction ID: dbf9810353c5e479c7ac511b2d8513b1ddacca163faee37e534256e9834b9d6d
                                                                                                                                                                            • Opcode Fuzzy Hash: b22314d69f6a3fbe884a504c4f4dc4ee2764479bbaed8d22172d92428b6ca81a
                                                                                                                                                                            • Instruction Fuzzy Hash: 0D328A70900258CFDF14DFA8C845BEDBBB5AF08304F1441A9E949AB392DB75AE84CF95
                                                                                                                                                                            Function 006A59AA Relevance: 28.4, APIs: 7, Strings: 9, Instructions: 407COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 3495 6a59aa-6a5b7a call 6a6440 call 699180 3508 6a5b7f-6a5b81 3495->3508 3509 6a5b7a call 699180 3495->3509 3510 6a5b83-6a5b8d 3508->3510 3511 6a5bc4-6a5be0 call 6811f3 3508->3511 3509->3508 3512 6a5c8d-6a5ccd call 6a6440 3510->3512 3513 6a5b93-6a5ba5 3510->3513 3522 6a5cfc-6a5d06 3511->3522 3523 6a5be6-6a5c59 call 689bb0 call 689940 call 681b84 call 681be0 call 68b8a0 call 6e2bfd 3511->3523 3524 6a5db3-6a5dc0 3512->3524 3525 6a5cd3-6a5cd8 3512->3525 3515 6a5bab-6a5bbf 3513->3515 3516 6a5c83-6a5c8a call 6f8375 3513->3516 3515->3516 3516->3512 3526 6a5d3a-6a5d67 call 6a6440 3522->3526 3527 6a5d08-6a5d1a 3522->3527 3523->3512 3607 6a5c5b-6a5c6d 3523->3607 3532 6a5dc9-6a5dce 3524->3532 3533 6a5dc2-6a5dc7 3524->3533 3530 6a5cda 3525->3530 3531 6a5cdc-6a5cf7 call 6fa3a0 3525->3531 3548 6a5d78-6a5d82 3526->3548 3549 6a5d69-6a5d73 call 69aad0 3526->3549 3534 6a5d1c-6a5d2a 3527->3534 3535 6a5d30-6a5d37 call 6f8375 3527->3535 3530->3531 3553 6a5e8e-6a5e98 3531->3553 3539 6a5dd1-6a5de5 3532->3539 3533->3539 3534->3535 3535->3526 3545 6a5e30-6a5e32 3539->3545 3546 6a5de7-6a5dec 3539->3546 3556 6a5e64-6a5e86 3545->3556 3557 6a5e34-6a5e62 call 6f8713 3545->3557 3554 6a5df2-6a5dfd call 6f8713 3546->3554 3555 6a6085 Concurrency::cancel_current_task 3546->3555 3548->3512 3552 6a5d88-6a5d94 3548->3552 3549->3548 3552->3516 3560 6a5d9a-6a5dae 3552->3560 3562 6a5e9a-6a5ea6 3553->3562 3563 6a5ec6-6a5eee call 699980 3553->3563 3564 6a608a call 6fd60f 3554->3564 3578 6a5e03-6a5e2e 3554->3578 3555->3564 3561 6a5e8c 3556->3561 3557->3561 3560->3516 3561->3553 3569 6a5ea8-6a5eb6 3562->3569 3570 6a5ebc-6a5ec3 call 6f8375 3562->3570 3582 6a5f7f 3563->3582 3583 6a5ef4-6a5f34 call 6a6440 3563->3583 3576 6a608f-6a60aa call 6fd60f 3564->3576 3569->3564 3569->3570 3570->3563 3591 6a60d8-6a60fc call 6a67b0 3576->3591 3592 6a60ac-6a60b6 3576->3592 3578->3561 3585 6a5f82-6a5f93 GetModuleHandleW 3582->3585 3594 6a5f36-6a5f40 call 69aad0 3583->3594 3595 6a5f45-6a5f4f 3583->3595 3589 6a5fd1 3585->3589 3590 6a5f95-6a5fa5 GetProcAddress 3585->3590 3596 6a5fd3-6a605c call 6a6440 call 6836db call 68372a * 3 call 6f8367 3589->3596 3590->3589 3599 6a5fa7-6a5fc5 GetCurrentProcess 3590->3599 3614 6a60fe-6a6106 3591->3614 3615 6a6144-6a6149 3591->3615 3600 6a60b8-6a60c6 3592->3600 3601 6a60ce-6a60d5 call 6f8375 3592->3601 3594->3595 3595->3585 3604 6a5f51-6a5f5d 3595->3604 3599->3589 3635 6a5fc7-6a5fcb 3599->3635 3608 6a60cc 3600->3608 3609 6a61d4-6a61d9 call 6fd60f 3600->3609 3601->3591 3611 6a5f5f-6a5f6d 3604->3611 3612 6a5f73-6a5f7d call 6f8375 3604->3612 3607->3516 3617 6a5c6f-6a5c7d 3607->3617 3608->3601 3611->3576 3611->3612 3612->3585 3623 6a6108-6a610c 3614->3623 3624 6a613d 3614->3624 3619 6a614b-6a6151 3615->3619 3620 6a618f-6a6197 3615->3620 3617->3516 3626 6a6188 3619->3626 3627 6a6153-6a6157 3619->3627 3632 6a6199-6a61a2 3620->3632 3633 6a61c0-6a61d3 3620->3633 3630 6a611b-6a6120 3623->3630 3631 6a610e-6a6115 SysFreeString 3623->3631 3624->3615 3626->3620 3636 6a6159-6a6160 SysFreeString 3627->3636 3637 6a6166-6a616b 3627->3637 3639 6a6132-6a613a call 6f8375 3630->3639 3640 6a6122-6a612b call 6f874c 3630->3640 3631->3630 3641 6a61b6-6a61bd call 6f8375 3632->3641 3642 6a61a4-6a61b2 3632->3642 3635->3589 3644 6a5fcd-6a5fcf 3635->3644 3636->3637 3646 6a617d-6a6185 call 6f8375 3637->3646 3647 6a616d-6a6176 call 6f874c 3637->3647 3639->3624 3640->3639 3641->3633 3642->3609 3643 6a61b4 3642->3643 3643->3641 3644->3596 3646->3626 3647->3646
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A6067
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A6085
                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 006A610F
                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 006A615A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                            • String ID: )$0u$4u$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                            • API String ID: 3597043392-2201473816
                                                                                                                                                                            • Opcode ID: bc28615a43ee545ff52f603597f803a3656fe7d1760d6400f23622f0ea38ccb2
                                                                                                                                                                            • Instruction ID: 06c9e8d66d7d4a4870c41c7ee08d63a65932f4196bef33226b4e9d9e5340eddc
                                                                                                                                                                            • Opcode Fuzzy Hash: bc28615a43ee545ff52f603597f803a3656fe7d1760d6400f23622f0ea38ccb2
                                                                                                                                                                            • Instruction Fuzzy Hash: D1E1D2719007449FEB18EFA8C94879DBBB6AF46300F24425CE406AB3D2DB789E84CF55
                                                                                                                                                                            Function 006B6560 Relevance: 25.7, APIs: 14, Strings: 3, Instructions: 211memoryCOMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 4028 6b6560-6b658d 4029 6b6599-6b659e 4028->4029 4030 6b658f-6b6592 GlobalFree 4028->4030 4031 6b65aa-6b65af 4029->4031 4032 6b65a0-6b65a3 GlobalFree 4029->4032 4030->4029 4033 6b65bb-6b65c8 4031->4033 4034 6b65b1-6b65b4 GlobalFree 4031->4034 4032->4031 4036 6b65ce-6b65d3 4033->4036 4037 6b668c 4033->4037 4034->4033 4038 6b65d9-6b65de 4036->4038 4039 6b66cd-6b66d1 4036->4039 4040 6b668e-6b6693 4037->4040 4043 6b65ea-6b65ec 4038->4043 4044 6b65e0-6b65e3 GlobalFree 4038->4044 4041 6b66dd-6b66ef 4039->4041 4042 6b66d3-6b66d7 4039->4042 4045 6b669f-6b66a4 4040->4045 4046 6b6695-6b6698 GlobalFree 4040->4046 4048 6b66fd-6b6704 4041->4048 4049 6b66f1-6b66fb 4041->4049 4042->4041 4047 6b67d0-6b67d2 4042->4047 4050 6b662b-6b6633 4043->4050 4051 6b65ee-6b65f0 4043->4051 4044->4043 4052 6b66b0-6b66b6 4045->4052 4053 6b66a6-6b66a9 GlobalFree 4045->4053 4046->4045 4047->4040 4058 6b670b-6b672a 4048->4058 4049->4058 4056 6b663f-6b6641 4050->4056 4057 6b6635-6b6638 GlobalFree 4050->4057 4059 6b65f3-6b65fc 4051->4059 4054 6b66bb-6b66cc call 6f8367 4052->4054 4055 6b66b8-6b66b9 GlobalFree 4052->4055 4053->4052 4055->4054 4056->4047 4061 6b6647-6b664c 4056->4061 4057->4056 4058->4037 4068 6b6730-6b676b 4058->4068 4059->4059 4062 6b65fe-6b6618 GlobalAlloc 4059->4062 4064 6b6650-6b6659 4061->4064 4062->4037 4066 6b661a-6b6629 call 6fd660 4062->4066 4064->4064 4067 6b665b-6b6675 GlobalAlloc 4064->4067 4066->4037 4066->4050 4067->4037 4071 6b6677-6b6686 call 6fd660 4067->4071 4076 6b676d-6b6779 4068->4076 4077 6b6794-6b6798 4068->4077 4071->4037 4071->4047 4078 6b677b-6b677e GlobalFree 4076->4078 4079 6b6781-6b6786 4076->4079 4080 6b679a-6b67a9 call 6b6a70 call 6b6af0 4077->4080 4081 6b67ae-6b67ba 4077->4081 4078->4079 4079->4037 4082 6b678c-6b678f GlobalFree 4079->4082 4080->4081 4084 6b67bc-6b67bf GlobalFree 4081->4084 4085 6b67c6-6b67cb 4081->4085 4082->4037 4084->4085 4085->4047 4087 6b67cd-6b67ce GlobalFree 4085->4087 4087->4047
                                                                                                                                                                            APIs
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B6590
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B65A1
                                                                                                                                                                            • GlobalFree.KERNEL32(00000101), ref: 006B65B2
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B65E1
                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,?), ref: 006B660D
                                                                                                                                                                            • GlobalFree.KERNEL32(00000101), ref: 006B6636
                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,?), ref: 006B666A
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B6696
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B66A7
                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 006B66B9
                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B677C
                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B678D
                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B67BD
                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006B67CE
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Global$Free$Alloc
                                                                                                                                                                            • String ID: Temp$\$t$`ato
                                                                                                                                                                            • API String ID: 1780285237-3175491151
                                                                                                                                                                            • Opcode ID: 6e92534987e69981dceca9c5484db041a12141ece78f575fa6919cfc7c0ed45d
                                                                                                                                                                            • Instruction ID: 357ef8ecc1499273813007616fb7c5152ba301da1caf5fc03535a1ab5216cd17
                                                                                                                                                                            • Opcode Fuzzy Hash: 6e92534987e69981dceca9c5484db041a12141ece78f575fa6919cfc7c0ed45d
                                                                                                                                                                            • Instruction Fuzzy Hash: 68713EB0E002199BDF109FA5CC84BEEB7B9AF04704F158169FC05AB391EB79D985CB64
                                                                                                                                                                            Function 0069CE00 Relevance: 25.0, APIs: 2, Strings: 12, Instructions: 545COMMON
                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 4089 69ce00-69d2f7 call 6f8713 * 6 call 6e3b8a call 6fa920 * 2 call 6a1770 call 68bbb0 call 68bed0 4114 69d2f9-69d30e 4089->4114 4115 69d32e-69d3ac call 684300 * 5 call 68ba20 4089->4115 4116 69d310-69d31e 4114->4116 4117 69d324-69d32b call 6f8375 4114->4117 4141 69d3ae-69d3b4 4115->4141 4142 69d414-69d41d 4115->4142 4116->4117 4119 69d707-69d71d call 6fd60f call 699c10 4116->4119 4117->4115 4131 69d72d-69d730 4119->4131 4132 69d71f-69d72a call 6f8375 4119->4132 4132->4131 4145 69d3ed-69d412 4141->4145 4146 69d3b6-69d3c5 4141->4146 4143 69d41f-69d434 4142->4143 4144 69d454-69d46c call 6fa920 call 69ccb0 4142->4144 4147 69d44a-69d451 call 6f8375 4143->4147 4148 69d436-69d444 4143->4148 4162 69d471-69d481 4144->4162 4145->4144 4150 69d3dd-69d3ea call 6f8375 4146->4150 4151 69d3c7-69d3d5 4146->4151 4147->4144 4148->4147 4152 69d6f8 call 6fd60f 4148->4152 4150->4145 4151->4152 4155 69d3db 4151->4155 4161 69d6fd call 6834d0 4152->4161 4155->4150 4167 69d702 call 6834d0 4161->4167 4164 69d4d8-69d4e9 4162->4164 4165 69d483-69d494 4162->4165 4166 69d4ef-69d4f5 4164->4166 4164->4167 4165->4161 4168 69d49a-69d4a0 4165->4168 4169 69d4f9-69d4fd 4166->4169 4170 69d4f7 4166->4170 4167->4119 4172 69d4a2 4168->4172 4173 69d4a4-69d4a8 4168->4173 4174 69d4ff 4169->4174 4175 69d501-69d522 call 6840e8 4169->4175 4170->4169 4172->4173 4176 69d4aa 4173->4176 4177 69d4ac-69d4d6 call 6840e8 4173->4177 4174->4175 4182 69d527-69d52f 4175->4182 4176->4177 4177->4182 4183 69d531-69d537 4182->4183 4184 69d597-69d59f 4182->4184 4187 69d539-69d548 4183->4187 4188 69d56a-69d594 4183->4188 4185 69d5a1-69d5b3 4184->4185 4186 69d5f0-69d5f9 4184->4186 4185->4186 4189 69d5b5-69d5ca 4185->4189 4190 69d63b-69d689 call 689bb0 call 689940 call 681b84 call 684200 4186->4190 4191 69d5fb-69d604 4186->4191 4192 69d54a-69d558 4187->4192 4193 69d560-69d567 call 6f8375 4187->4193 4188->4184 4196 69d5cc-69d5da 4189->4196 4197 69d5e0-69d5ed call 6f8375 4189->4197 4214 69d68b 4190->4214 4215 69d68d-69d6f7 call 684190 call 68b8a0 call 6e2bfd call 69d740 call 6f8367 4190->4215 4191->4190 4198 69d606-69d61b 4191->4198 4192->4119 4199 69d55e 4192->4199 4193->4188 4196->4119 4196->4197 4197->4186 4203 69d61d-69d62b 4198->4203 4204 69d631-69d638 call 6f8375 4198->4204 4199->4193 4203->4119 4203->4204 4204->4190 4214->4215
                                                                                                                                                                            APIs
                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 0069D1E6
                                                                                                                                                                              • Part of subcall function 0068BBB0: std::locale::_Init.LIBCPMT ref: 0068BBFC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069D6C4
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                            • String ID: $+t$$u$.servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$<u$@u$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$`u$https://$u$*t
                                                                                                                                                                            • API String ID: 655687434-893945622
                                                                                                                                                                            • Opcode ID: 74d6c2274b6afb7d639532419c1014f46a55a60e2713c46fa1bd4bca287c2b28
                                                                                                                                                                            • Instruction ID: 1cc5268b32cb754ed2d3d8b893e43f2ecabbcc4b3eaac1933d2d25c10b70718d
                                                                                                                                                                            • Opcode Fuzzy Hash: 74d6c2274b6afb7d639532419c1014f46a55a60e2713c46fa1bd4bca287c2b28
                                                                                                                                                                            • Instruction Fuzzy Hash: A1429D709007458FEB18DF28DD45BA9B7B5BF44308F0086EDE548AB652EBB4AAC4CF54
                                                                                                                                                                            Function 0069E380 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 271COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E4A1
                                                                                                                                                                              • Part of subcall function 0069DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069DF0C
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069E3DE
                                                                                                                                                                              • Part of subcall function 0069E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E161
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069E4FB
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E665
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E6F8
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                            • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]$`u$`u]
                                                                                                                                                                            • API String ID: 1670716954-3784501590
                                                                                                                                                                            • Opcode ID: 72351cc6cf801d44754ed5772bb2fd6c386b5e2f342b470a72a9b5e8c23a1757
                                                                                                                                                                            • Instruction ID: faed4da53b8dc72fae88c0a8fa5603f8b514ade00e71ba36674e575687df8bed
                                                                                                                                                                            • Opcode Fuzzy Hash: 72351cc6cf801d44754ed5772bb2fd6c386b5e2f342b470a72a9b5e8c23a1757
                                                                                                                                                                            • Instruction Fuzzy Hash: CC91CF719002589BDF54EF64DC42BEEB3BAEF15310F0041ADE806A7781EB756A48CFA5
                                                                                                                                                                            Function 006A5A23 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 265COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A6085
                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 006A610F
                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 006A615A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: )$0u$4u$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                            • API String ID: 2663709405-2201473816
                                                                                                                                                                            • Opcode ID: 4b400af111536663932c60acbd10bfff76d2915aaa55b370c49c92612228e958
                                                                                                                                                                            • Instruction ID: 41aa0b5385a35afbad7edf47f12b4634a903c28468410e8e8bdcaa07a8e1d747
                                                                                                                                                                            • Opcode Fuzzy Hash: 4b400af111536663932c60acbd10bfff76d2915aaa55b370c49c92612228e958
                                                                                                                                                                            • Instruction Fuzzy Hash: BEB1B2719103489FEF18EFA4C94879DBBB2AF46304F24825CE405AB392D7B99E84CF55
                                                                                                                                                                            Function 00694200 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 337COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,3536BAD2,?,?), ref: 00694257
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?), ref: 006942BC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006942F2
                                                                                                                                                                            • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00694367
                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00694375
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069440A
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?), ref: 0069455B
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            • Filename for process with id , xrefs: 006944B0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                            • String ID: Filename for process with id
                                                                                                                                                                            • API String ID: 563014942-4200337779
                                                                                                                                                                            • Opcode ID: c8a5b64faeb369e947c8813a37acb3c087fa4e7ae37b90d8ffa4aa8fe36d74a5
                                                                                                                                                                            • Instruction ID: 0751b7c9720e6fcaefe0da937b544ae93d3582457cd73a6188bcf286fb81bb95
                                                                                                                                                                            • Opcode Fuzzy Hash: c8a5b64faeb369e947c8813a37acb3c087fa4e7ae37b90d8ffa4aa8fe36d74a5
                                                                                                                                                                            • Instruction Fuzzy Hash: 7BD19DB0C102199BDF20EFA4DC45BEEB7BAFF44304F10466DE409A7681EB746A49CB95
                                                                                                                                                                            Function 007200DE Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0071FE25: CreateFileW.KERNEL32(00000000,00000000,?,00720187,?,?,00000000,?,00720187,00000000,0000000C), ref: 0071FE42
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 007201F2
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 007201F9
                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00720205
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0072020F
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00720218
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00720238
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00720385
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 007203B7
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 007203BE
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                            • String ID: isq
                                                                                                                                                                            • API String ID: 4237864984-2606187042
                                                                                                                                                                            • Opcode ID: 777823b0c0f4d290ab730a98fd1691fce8038e3da3cad2c1ba4483a7e501c669
                                                                                                                                                                            • Instruction ID: 4452c661b5ec2bef516fa9a21a7725e39ad66014684c595dd4943005a3d7caa7
                                                                                                                                                                            • Opcode Fuzzy Hash: 777823b0c0f4d290ab730a98fd1691fce8038e3da3cad2c1ba4483a7e501c669
                                                                                                                                                                            • Instruction Fuzzy Hash: 69A12732A041588FCF19EF68EC557BD3BE1AB0A320F24415DE811EF2D2C7399852CBA5
                                                                                                                                                                            Function 00693D80 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 188COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00693E00
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00693F9C
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00693FCA
                                                                                                                                                                            Strings
                                                                                                                                                                            • UNKNOWN, xrefs: 00693DD2
                                                                                                                                                                            • Error retrieving session id for generating log name., xrefs: 00693E0B
                                                                                                                                                                            • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00693F81
                                                                                                                                                                            • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00693F97
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                            • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                            • API String ID: 1186403813-1860316991
                                                                                                                                                                            • Opcode ID: 3b7205e1da6a432c0363afbeda11af0a04cf100316e769b03a9b93ce1a83b193
                                                                                                                                                                            • Instruction ID: 9f70380ee08dd55f00b01bfb97d967d61ab791e062e2a148c6aeb404349e46d3
                                                                                                                                                                            • Opcode Fuzzy Hash: 3b7205e1da6a432c0363afbeda11af0a04cf100316e769b03a9b93ce1a83b193
                                                                                                                                                                            • Instruction Fuzzy Hash: 785192B1E002259FCF149FB4D8857AEBBBAFF44310F204629E516D7B90D7749A40CB95
                                                                                                                                                                            Function 006F9900 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,006A4AA5,006A4AA7,00000000,00000000,3536BAD2,?,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5,?), ref: 006F9989
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,006A4AA5,?,00000000,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5), ref: 006F9A04
                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 006F9A0F
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A38
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A42
                                                                                                                                                                            • GetLastError.KERNEL32(80070057,3536BAD2,?,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5,?), ref: 006F9A47
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A5A
                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5,?), ref: 006F9A70
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A83
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1353541977-0
                                                                                                                                                                            • Opcode ID: 8976ce45dd4bdffc881da1a11fa639189204b9b8598444287f37099c68695b53
                                                                                                                                                                            • Instruction ID: 1bdecaf69975a2f9bac50704c990a7b85be027bac8059bfb79e82f0e8debd016
                                                                                                                                                                            • Opcode Fuzzy Hash: 8976ce45dd4bdffc881da1a11fa639189204b9b8598444287f37099c68695b53
                                                                                                                                                                            • Instruction Fuzzy Hash: 6C411771A0020D9FD700DF68CC45BBEBBAAAB45750F10462EF615E7391DB759800CBB8
                                                                                                                                                                            Function 0069EEC0 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 323COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0069CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069CDBB
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0069F0FC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F268
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F307
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$`u
                                                                                                                                                                            • API String ID: 1722207485-751536561
                                                                                                                                                                            • Opcode ID: 4c4719568cd803a085049eb7e6edda7745a7450dfcd8fee171022c16249ce960
                                                                                                                                                                            • Instruction ID: d296a8552c07f111a89c2ae237bec86d0d17d99493c37235d0b4e47a8419ce38
                                                                                                                                                                            • Opcode Fuzzy Hash: 4c4719568cd803a085049eb7e6edda7745a7450dfcd8fee171022c16249ce960
                                                                                                                                                                            • Instruction Fuzzy Hash: 78C1D0B0D002189BCF54EFA4CC55BEEB7BAAF05310F1042ADE416A7781EB746E45CBA5
                                                                                                                                                                            Function 00689C50 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 313COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0068E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0068E36C
                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 00689DD4
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0068A06D
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                            • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                            • API String ID: 239504998-2017128786
                                                                                                                                                                            • Opcode ID: 3bade0931a67e58a93ce62e983af911107cab5b6a8c5f054feeeb023f2d14afe
                                                                                                                                                                            • Instruction ID: 13a552de44e3ccfbadf3502deeac5ab899845fda5a032194f929de3d645d61ee
                                                                                                                                                                            • Opcode Fuzzy Hash: 3bade0931a67e58a93ce62e983af911107cab5b6a8c5f054feeeb023f2d14afe
                                                                                                                                                                            • Instruction Fuzzy Hash: AAC1BDB1D002099FDB04EFA4C945BEEBBF1BF49304F24425DE406A7391EB75AA44CB95
                                                                                                                                                                            Function 0069E0D0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 171COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E161
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 0069E278
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E351
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to open HTTP session for AWS, xrefs: 0069E327
                                                                                                                                                                            • Event Sender already initialized for AWS, xrefs: 0069E137
                                                                                                                                                                            • WinHttpCrackUrl failed for AWS: , xrefs: 0069E268
                                                                                                                                                                            • `u, xrefs: 0069E30E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                            • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS: $`u
                                                                                                                                                                            • API String ID: 2211357200-2306398276
                                                                                                                                                                            • Opcode ID: 6e364e06cfdeb11cc2ff4d8f5916625a6f3adb179049e6add5714cbb49b36c4e
                                                                                                                                                                            • Instruction ID: 2525f4c638d5adddee98e94397820cc666634972c82be43209c19386e6b0af41
                                                                                                                                                                            • Opcode Fuzzy Hash: 6e364e06cfdeb11cc2ff4d8f5916625a6f3adb179049e6add5714cbb49b36c4e
                                                                                                                                                                            • Instruction Fuzzy Hash: E46193709007099BDF64EF60DC45BEAB7BAFB44315F00056DE51AA7380EBB46A48CFA5
                                                                                                                                                                            Function 00696D24 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 166COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 00696D7B
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00696F75
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00696F88
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                            • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                            • API String ID: 3676452600-816272291
                                                                                                                                                                            • Opcode ID: 19ea3fb66be5dd35de3093b724c3de3712550ff6f8282be3b2e278bf13ffdda6
                                                                                                                                                                            • Instruction ID: 986fde1518a3a4316da82087d982000d04edc787627849f6713adf0497b36b46
                                                                                                                                                                            • Opcode Fuzzy Hash: 19ea3fb66be5dd35de3093b724c3de3712550ff6f8282be3b2e278bf13ffdda6
                                                                                                                                                                            • Instruction Fuzzy Hash: D2619570900309CFDF45EF60C855BEEBBBAAF54300F5441ADE805AB381DBB59A48CBA5
                                                                                                                                                                            Function 0069DE80 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 147COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069DF0C
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 0069DFD7
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E0A2
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            • `u, xrefs: 0069E05F
                                                                                                                                                                            • Unable to open HTTP session for Azure, xrefs: 0069E078
                                                                                                                                                                            • WinHttpCrackUrl failed for Azure: , xrefs: 0069DFC7
                                                                                                                                                                            • Event Sender already initialized for Azure, xrefs: 0069DEE2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                            • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure: $`u
                                                                                                                                                                            • API String ID: 2211357200-1734567533
                                                                                                                                                                            • Opcode ID: a3bf73f91b951efe64639c8ce6b224c011542ac6269c87c876dd9fc405a212ca
                                                                                                                                                                            • Instruction ID: e0de303f48e0a0abf14fce83f3883b58ee4186e7d69e76a85b53f1f7ab8a851b
                                                                                                                                                                            • Opcode Fuzzy Hash: a3bf73f91b951efe64639c8ce6b224c011542ac6269c87c876dd9fc405a212ca
                                                                                                                                                                            • Instruction Fuzzy Hash: D15171709007588FDB64EF60C855BEEB7BAFB04314F0046ADE84667790EBB46A48CF55
                                                                                                                                                                            Function 0069928D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 130COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00698FB0: CoCreateGuid.OLE32(?), ref: 00698FC8
                                                                                                                                                                              • Part of subcall function 00698FB0: StringFromCLSID.OLE32(?,?), ref: 00698FE0
                                                                                                                                                                              • Part of subcall function 00698FB0: CoTaskMemFree.OLE32(?), ref: 00699138
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006993D1
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                            • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                            • API String ID: 598746661-2174109026
                                                                                                                                                                            • Opcode ID: a451883944e5633e4a29201b40dca2b5b5081547a3d1aab2185e2eb33189b7bb
                                                                                                                                                                            • Instruction ID: 20306577728f580e25a44562c9e81d511fc9d45fa7fa8febca671067a994fa4f
                                                                                                                                                                            • Opcode Fuzzy Hash: a451883944e5633e4a29201b40dca2b5b5081547a3d1aab2185e2eb33189b7bb
                                                                                                                                                                            • Instruction Fuzzy Hash: 54519F709002099EDF14EF64D851BED776AEF51300F50816DEC0A67681EBB4AA49CFB6
                                                                                                                                                                            Function 00695790 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00695808
                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00695828
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00695830
                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00695839
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                            • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                            • API String ID: 1092183831-2777911605
                                                                                                                                                                            • Opcode ID: c600ecc3ae00004da23ad08e4fefd7650d2f24009bdf7bed54a13ecd08c76bba
                                                                                                                                                                            • Instruction ID: 953904aadb376838dacfeaa2004596a76a3853a7b7eadeb661640d07659e9066
                                                                                                                                                                            • Opcode Fuzzy Hash: c600ecc3ae00004da23ad08e4fefd7650d2f24009bdf7bed54a13ecd08c76bba
                                                                                                                                                                            • Instruction Fuzzy Hash: 3C21FF32D006288BEB129FA8D9447AEBBB9FB55351F0041A9EC02E7740EB748E008BD0
                                                                                                                                                                            Function 00684D63 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 55synchronizationCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00684C8E: GetCurrentProcessId.KERNEL32 ref: 00684CA6
                                                                                                                                                                              • Part of subcall function 00684C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00684CB8
                                                                                                                                                                              • Part of subcall function 00684C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00684CD3
                                                                                                                                                                              • Part of subcall function 00684C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00684CE9
                                                                                                                                                                              • Part of subcall function 00684C8E: CloseHandle.KERNEL32(00000000), ref: 00684CFA
                                                                                                                                                                            • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00684D88
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00684DD0
                                                                                                                                                                              • Part of subcall function 0068136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006813A5
                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00684DFC
                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00684E0D
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00684D7F
                                                                                                                                                                            • SaBsi.cpp, xrefs: 00684DA9
                                                                                                                                                                            • CreateMutex failed: , xrefs: 00684DC2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                            • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                            • API String ID: 2598072538-1117126455
                                                                                                                                                                            • Opcode ID: f4ffeb35c93598b08c9d80957cfed7d674dc3d40a05e6a331f31f93ec751c8be
                                                                                                                                                                            • Instruction ID: 25694a36de6a472925cacb77803f0ec3b1fe737b7842e0aa0c02e74d3b09e7b3
                                                                                                                                                                            • Opcode Fuzzy Hash: f4ffeb35c93598b08c9d80957cfed7d674dc3d40a05e6a331f31f93ec751c8be
                                                                                                                                                                            • Instruction Fuzzy Hash: B0119130154302ABD720FF20D845BAA77EABF51712F004E2CB891972D1EFB49448CBAB
                                                                                                                                                                            Function 006BE580 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 131COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • invalid input, xrefs: 006BE5A3
                                                                                                                                                                            • ak, xrefs: 006BE6A0
                                                                                                                                                                            • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 006BE5AA, 006BE6C3
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 006BE5AF, 006BE6C8
                                                                                                                                                                            • Unable to convert XML buffer into wide characters, xrefs: 006BE6BC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __cftoe
                                                                                                                                                                            • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$ak
                                                                                                                                                                            • API String ID: 4189289331-2404070668
                                                                                                                                                                            • Opcode ID: fb617a77d7c6479de87be897abafcd5b71ea06eadc89f33ea95c9cb42407c91a
                                                                                                                                                                            • Instruction ID: 5e837336f5d5be0cdb924e1fb4f900d9c29cce67e66f413ccbcfbf793f86919e
                                                                                                                                                                            • Opcode Fuzzy Hash: fb617a77d7c6479de87be897abafcd5b71ea06eadc89f33ea95c9cb42407c91a
                                                                                                                                                                            • Instruction Fuzzy Hash: FB41D1B1A00304AFC724EF68D852BEEF7E5BF18700F40456DE90A97281EBB5A9048794
                                                                                                                                                                            Function 0069CCB0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069CDBB
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                            • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor$`u
                                                                                                                                                                            • API String ID: 539357862-3698495368
                                                                                                                                                                            • Opcode ID: 37e6e75b47e3e4b07f13930f51e53a85a298f4b2fdf9fbaf3ad0fd347009d2a2
                                                                                                                                                                            • Instruction ID: 6f6d2beeff87dc474b8d349aa3dddaaddd4268c631791f0a19adb9e520945c7e
                                                                                                                                                                            • Opcode Fuzzy Hash: 37e6e75b47e3e4b07f13930f51e53a85a298f4b2fdf9fbaf3ad0fd347009d2a2
                                                                                                                                                                            • Instruction Fuzzy Hash: 6F316F7195020D9ADF14EFA0C852BEEB7BAFF08300F50466DE406B3681EB745A08CF65
                                                                                                                                                                            Function 00685A4F Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 81COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00685A59
                                                                                                                                                                              • Part of subcall function 00685C1E: CoCreateInstance.OLE32(0074D808,00000000,00000017,0075B024,00000000,3536BAD2,?,?,?,00000000,00000000,00000000,00728687,000000FF), ref: 00685C7A
                                                                                                                                                                              • Part of subcall function 00685C1E: OleRun.OLE32(00000000), ref: 00685C89
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00685B97
                                                                                                                                                                            Strings
                                                                                                                                                                            • Failed to set new option. Error , xrefs: 00685B26
                                                                                                                                                                            • i, xrefs: 00685B5D
                                                                                                                                                                            • Failed to create Global Options object. Error , xrefs: 00685AA9
                                                                                                                                                                            • Activation option is set successfuly, xrefs: 00685B69
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                            • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                            • API String ID: 1362393928-3233122435
                                                                                                                                                                            • Opcode ID: ac2039f02c6a399279848ea69f324f2037c9c2a25f66c730df181125e6f464e6
                                                                                                                                                                            • Instruction ID: ced53a67d34852d284e188b91d0fedd46d42fcb2836c190cf12304e20c97472a
                                                                                                                                                                            • Opcode Fuzzy Hash: ac2039f02c6a399279848ea69f324f2037c9c2a25f66c730df181125e6f464e6
                                                                                                                                                                            • Instruction Fuzzy Hash: CF314B30A102198BDF44FBA0CC62BFDB776AF10301F4046ACE50267281EB745A09CFA6
                                                                                                                                                                            Function 006A4B40 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 562COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A5182
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A521E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                            • String ID: 8u$Invalid arguements passed to AddDimension$N
                                                                                                                                                                            • API String ID: 4106036149-594746710
                                                                                                                                                                            • Opcode ID: 3daf852c2e232a69b8030949dde078006202583b4eeb2acdf089a42dab62b997
                                                                                                                                                                            • Instruction ID: e76fe4456eabbad1d2e5578230e97f8dca94382f1c38bd72b654f868f76f77c7
                                                                                                                                                                            • Opcode Fuzzy Hash: 3daf852c2e232a69b8030949dde078006202583b4eeb2acdf089a42dab62b997
                                                                                                                                                                            • Instruction Fuzzy Hash: 4732C1709002489FDB24DF64C844BADBBF2BF46304F14829DE459AB392DBB5AD84CF81
                                                                                                                                                                            Function 007022D9 Relevance: 9.3, APIs: 6, Instructions: 264COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __allrem.LIBCMT ref: 00702461
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0070247D
                                                                                                                                                                            • __allrem.LIBCMT ref: 00702494
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007024B2
                                                                                                                                                                            • __allrem.LIBCMT ref: 007024C9
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007024E7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                            • Opcode ID: f5f3a44ed8043a2ffd9b201dc5f07ecf71a3fa8d4abf09d185f58aaaf2be2bd1
                                                                                                                                                                            • Instruction ID: 8caa877af83042d84a78da417d22ae17275d2ee594bd6183500eb425d3660353
                                                                                                                                                                            • Opcode Fuzzy Hash: f5f3a44ed8043a2ffd9b201dc5f07ecf71a3fa8d4abf09d185f58aaaf2be2bd1
                                                                                                                                                                            • Instruction Fuzzy Hash: 8E810873600716DBE7209E2CCC85B6AB3EAAF40720F14432DF515D72C2E778E9428754
                                                                                                                                                                            Function 006B8650 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 337COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 006B882F
                                                                                                                                                                            Strings
                                                                                                                                                                            • $+t, xrefs: 006B87F3
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 006B8AF6
                                                                                                                                                                            • *t, xrefs: 006B89A7
                                                                                                                                                                            • Failed to create log message string. Error 0x, xrefs: 006B89CF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Initstd::locale::_
                                                                                                                                                                            • String ID: $+t$Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp$*t
                                                                                                                                                                            • API String ID: 1620887387-1701879130
                                                                                                                                                                            • Opcode ID: 0161bbc8096530d78d8c2cd1535910387c1ae83358a2c9946fdde883defbc203
                                                                                                                                                                            • Instruction ID: f687919f699055e89566c05f0e65e79b4799a1af39aa769a8a802f622f31f224
                                                                                                                                                                            • Opcode Fuzzy Hash: 0161bbc8096530d78d8c2cd1535910387c1ae83358a2c9946fdde883defbc203
                                                                                                                                                                            • Instruction Fuzzy Hash: 25E14CB0E00259DFDB24CF68C885BDDB7B6BF48304F1481A9E909A7381DB75AA85CF51
                                                                                                                                                                            Function 006907C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 0069085F
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00690903
                                                                                                                                                                            • LocalFree.KERNEL32(?,?), ref: 00690A26
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00691020
                                                                                                                                                                            Strings
                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 006908FE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                            • API String ID: 4147401711-3078421892
                                                                                                                                                                            • Opcode ID: c8492cd1d2b19cbb6b380cee8fa4b925708ece30acd4295e018bc7d403aa8309
                                                                                                                                                                            • Instruction ID: cb18ead2b88c4aa3f49344a18e491078a72c65b024bbadd69bd6b254b6adf306
                                                                                                                                                                            • Opcode Fuzzy Hash: c8492cd1d2b19cbb6b380cee8fa4b925708ece30acd4295e018bc7d403aa8309
                                                                                                                                                                            • Instruction Fuzzy Hash: 146106719002588FEF14DF64CC857EEB7BAAF45304F10419DE5099BB91D774AA84CB94
                                                                                                                                                                            Function 00687F60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __Xtime_get_ticks.LIBCPMT ref: 00687FAA
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00687FBC
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00687FD0
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00687FE2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                            • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                            • API String ID: 3638035285-2843400524
                                                                                                                                                                            • Opcode ID: c50a1b888380e413306b174814cd247f170ca221eed065445077bbb424c48fc0
                                                                                                                                                                            • Instruction ID: 802954bec81a9256ef90dcda28fcbf5cb84afbfb67f97bc24afe3673c3f69b95
                                                                                                                                                                            • Opcode Fuzzy Hash: c50a1b888380e413306b174814cd247f170ca221eed065445077bbb424c48fc0
                                                                                                                                                                            • Instruction Fuzzy Hash: D5316271E40218AFDB50EBA4CC46FAEB7B9EB44710F504229F505AB381DB786905C795
                                                                                                                                                                            Function 00724DB0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 352COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                            • API String ID: 0-2843747179
                                                                                                                                                                            • Opcode ID: 59e3b765187163cf23d3924a71c5c46f6bb26b8b98b9c8a8f1c725882dab2f2c
                                                                                                                                                                            • Instruction ID: 895a1582b0735065677c6b67af6f2c1b9725f0be0b18a3ffd5c9177bb556350e
                                                                                                                                                                            • Opcode Fuzzy Hash: 59e3b765187163cf23d3924a71c5c46f6bb26b8b98b9c8a8f1c725882dab2f2c
                                                                                                                                                                            • Instruction Fuzzy Hash: 45D1B172D00228DFDF10EFE4DC85AEEB7B9EF09310F540529E915A7281E734AA45CBA1
                                                                                                                                                                            Function 006C39A0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 270registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,3536BAD2,00000000,00000001), ref: 006C39FC
                                                                                                                                                                              • Part of subcall function 006C2820: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,3536BAD2,?,?,?), ref: 006C28AC
                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 006C3D36
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseInfoOpenQuery
                                                                                                                                                                            • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                            • API String ID: 2142960691-1550987622
                                                                                                                                                                            • Opcode ID: 254002b8feb9635a8b6023055ecf98ab616f0d3085d7a81e44f6c72c3b9950ef
                                                                                                                                                                            • Instruction ID: 3f33fe008d801caf6fe7ee8894efbea3d63152696b5512c90cb66450c54f8730
                                                                                                                                                                            • Opcode Fuzzy Hash: 254002b8feb9635a8b6023055ecf98ab616f0d3085d7a81e44f6c72c3b9950ef
                                                                                                                                                                            • Instruction Fuzzy Hash: 5FB16C71A002589FCB24DB64CD49BEEB7BAEF45304F1441DDE409AB291DB74AB88CF61
                                                                                                                                                                            Function 006BFBE0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,0075BFD0,00000000,0075BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0075BFD0,00000000,3536BAD2), ref: 006BFC1D
                                                                                                                                                                            Strings
                                                                                                                                                                            • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 006BFC99
                                                                                                                                                                            • Destination directory does not exist, xrefs: 006BFC8F
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 006BFC9E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                            • String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                            • API String ID: 3188754299-3555079292
                                                                                                                                                                            • Opcode ID: 2458752a1f68dccbecd25dd31079f60bcb9fb9f94210ff7f04fc7fc8cc132b2f
                                                                                                                                                                            • Instruction ID: 82d703a2a96f242ccf1a3b07c528584fd34a8958386ccfd7a08ddf876b7efa96
                                                                                                                                                                            • Opcode Fuzzy Hash: 2458752a1f68dccbecd25dd31079f60bcb9fb9f94210ff7f04fc7fc8cc132b2f
                                                                                                                                                                            • Instruction Fuzzy Hash: AC212FB5E0021CAFCB00DFA8D841AEEBBF5AB48714F51426AFC15A3291D7749A85CB94
                                                                                                                                                                            Function 006ACC20 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 006ACCBB
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006ACCEC
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                            • String ID: Pu$Unable to set proxy option, error:
                                                                                                                                                                            • API String ID: 879576418-1515699753
                                                                                                                                                                            • Opcode ID: a32f72cafb3e4d291641d525beb9a8c46a256ab9aefb39921c2d01f2e458fc95
                                                                                                                                                                            • Instruction ID: 5877e22eae179efc74bcc9bf8494b248659003c41cf7f00694942f27a5890715
                                                                                                                                                                            • Opcode Fuzzy Hash: a32f72cafb3e4d291641d525beb9a8c46a256ab9aefb39921c2d01f2e458fc95
                                                                                                                                                                            • Instruction Fuzzy Hash: 4C315E71A10319DFEB64EF54DC05BEEB7BAFB04710F00866DE815A7290EB746A04CB65
                                                                                                                                                                            Function 0068DC20 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 553COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0068E367
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                            • API String ID: 0-3078421892
                                                                                                                                                                            • Opcode ID: bfcd9798296aaf7fdad1851041e1ea6b854fc6f93a335ce855e8c29c385f3597
                                                                                                                                                                            • Instruction ID: fb44bc170e221b517a6b29e25e2f9afb6f658b6c9046d8568701208bfac53488
                                                                                                                                                                            • Opcode Fuzzy Hash: bfcd9798296aaf7fdad1851041e1ea6b854fc6f93a335ce855e8c29c385f3597
                                                                                                                                                                            • Instruction Fuzzy Hash: 8C22E471A002089BDB14EF68DC89BEDB7B6FF48304F10479DE409A7791DB75AA84CB94
                                                                                                                                                                            Function 0068E310 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0068E36C
                                                                                                                                                                            Strings
                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0068E367
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                            • API String ID: 3907675253-3078421892
                                                                                                                                                                            • Opcode ID: 36e4f457e39541d5413b8dec50907d7cc8808d64a10b0f61bbc81fae28ab526e
                                                                                                                                                                            • Instruction ID: 1534716dc20e3d60a168a925e0eb818d3bb1a3aa8b7eca80e5d4836f088eb5b4
                                                                                                                                                                            • Opcode Fuzzy Hash: 36e4f457e39541d5413b8dec50907d7cc8808d64a10b0f61bbc81fae28ab526e
                                                                                                                                                                            • Instruction Fuzzy Hash: 1381A2719012599BDB24EF24DC8CBDDB7B2EF85304F1042D9E008A7291EB7AAB84CF54
                                                                                                                                                                            Function 00715FD8 Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0071576D: GetConsoleCP.KERNEL32(?,006B860A,00000000), ref: 007157B5
                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,0076C218,3536BAD2,00000000,3536BAD2,006B860A,006B860A,006B860A,3536BAD2,00000000,?,0070591E,00000000,0076C218,00000010), ref: 00716129
                                                                                                                                                                            • GetLastError.KERNEL32(?,0070591E,00000000,0076C218,00000010,006B860A), ref: 00716133
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00716178
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 251514795-0
                                                                                                                                                                            • Opcode ID: 70efde12aadddd0aa217d020274cf8dea1c7501887dd758e2898c4c1767dbf16
                                                                                                                                                                            • Instruction ID: bb3d026d0ee5e448b5b35b35ea7a05f1a011bc6d58c1f0cfa710bad71db9f492
                                                                                                                                                                            • Opcode Fuzzy Hash: 70efde12aadddd0aa217d020274cf8dea1c7501887dd758e2898c4c1767dbf16
                                                                                                                                                                            • Instruction Fuzzy Hash: DF51C271A0010DAFEB159FACCC85FEE7BBAAF09354F140055E500AB1D2D638DD819761
                                                                                                                                                                            Function 0068E640 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,3536BAD2,0000005C,?,?,?,?,00000000,0072952D,000000FF,?,0068E09D), ref: 0068E681
                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,0072952D,000000FF,?,0068E09D), ref: 0068E738
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,0072952D,000000FF,?,0068E09D), ref: 0068E742
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 674977465-0
                                                                                                                                                                            • Opcode ID: 77bdb31db9016eafeb3ca00e78268cbbfc0bf53e8209dcf52582656f42a0a02b
                                                                                                                                                                            • Instruction ID: 90469edbba9906b0e841b0ef03fa10b9c54203118c2cfcd43568ec483bc8accf
                                                                                                                                                                            • Opcode Fuzzy Hash: 77bdb31db9016eafeb3ca00e78268cbbfc0bf53e8209dcf52582656f42a0a02b
                                                                                                                                                                            • Instruction Fuzzy Hash: 89311631A002089BDB14DF68E984BAEF7B6FF49715F10476DE40593790E7366904CBA4
                                                                                                                                                                            Function 006E1F70 Relevance: 4.6, APIs: 3, Instructions: 104encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 006E206C
                                                                                                                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(00000003,?,?,?), ref: 006E20A4
                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(?), ref: 006E20D0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CertCertificateChain$FreePolicyVerify
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1741975133-0
                                                                                                                                                                            • Opcode ID: 7867d3c26b979c86cb5b7412c66573e85edbd92a0c1ebec5c120299d29fb9849
                                                                                                                                                                            • Instruction ID: 8910bd74663218f6f439f59f645ac15337daf71d3a3ed2aca30cd37dca658450
                                                                                                                                                                            • Opcode Fuzzy Hash: 7867d3c26b979c86cb5b7412c66573e85edbd92a0c1ebec5c120299d29fb9849
                                                                                                                                                                            • Instruction Fuzzy Hash: 7C41CE701093859BD720CF54C894BEBBBE9FF89744F00081DF6889B290E775E588CB62
                                                                                                                                                                            Function 00716B6C Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,006B860A,?,00716A9A,006B860A,0076C5B8,0000000C,00716B4C,0076C218), ref: 00716BC2
                                                                                                                                                                            • GetLastError.KERNEL32(?,00716A9A,006B860A,0076C5B8,0000000C,00716B4C,0076C218), ref: 00716BCC
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00716BF7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                            • Opcode ID: b2cc942b5aa3a06129499ea83073db4fb52950cfe18f89dfa1106a434acd0eaa
                                                                                                                                                                            • Instruction ID: 5ddc0ff485f3e26e80aeade8fcfce0bedf4fb206eb8d81f18182cefe7924ff0d
                                                                                                                                                                            • Opcode Fuzzy Hash: b2cc942b5aa3a06129499ea83073db4fb52950cfe18f89dfa1106a434acd0eaa
                                                                                                                                                                            • Instruction Fuzzy Hash: 0101447260E16066DB35633CA80ABFE275E8F82B34F34425CE919CB1C2DA2CDCC68191
                                                                                                                                                                            Function 007168F6 Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,0071F765,00000008,00000000,?,?,?,007169A3,00000000,00000000,?,0071F765), ref: 0071692F
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,007169A3,00000000,00000000,?,0071F765,?,0071F765,?,00000000,00000000,00000001,?,00000008), ref: 00716939
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00716940
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2336955059-0
                                                                                                                                                                            • Opcode ID: 427e1b7c30db3779f413995a3c258f5cb1721ff388eb3d8cf8d7b67cd80a07be
                                                                                                                                                                            • Instruction ID: 1272919b94970498adc44104015293d3388ecec474eb46286a59334d7beb2238
                                                                                                                                                                            • Opcode Fuzzy Hash: 427e1b7c30db3779f413995a3c258f5cb1721ff388eb3d8cf8d7b67cd80a07be
                                                                                                                                                                            • Instruction Fuzzy Hash: E701D872614518AFCB059B9DDC459AE3B2AEB85330724020CF5119B1D0EB75ED818750
                                                                                                                                                                            Function 006D4C69 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: e80252d100960b3d9f21c8532ecc2d5f192e656837a1ec8f27a95ae33e8cb214
                                                                                                                                                                            • Instruction ID: 18b18c19712b75c62625d9c33b88a36fd430a81d4d38eff264d3b5f3e941a6a8
                                                                                                                                                                            • Opcode Fuzzy Hash: e80252d100960b3d9f21c8532ecc2d5f192e656837a1ec8f27a95ae33e8cb214
                                                                                                                                                                            • Instruction Fuzzy Hash: B1B012D5B7F202BE320811129D0AC37010FC6C1B10B31813FF805C014198D50C454071
                                                                                                                                                                            Function 006D4CEA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: 42b8f595cbcfc3d4593b62e3b60870edbc28b4cc72b9cc91525de53ce5f99827
                                                                                                                                                                            • Instruction ID: 5926b84dc4d7b5e12e9581e2c3f8ab1bd5cd56ce52cfe2a045e9cea3f41405b4
                                                                                                                                                                            • Opcode Fuzzy Hash: 42b8f595cbcfc3d4593b62e3b60870edbc28b4cc72b9cc91525de53ce5f99827
                                                                                                                                                                            • Instruction Fuzzy Hash: 5AB012C1B7F102BE324851069E06D37010FC2C2B10B31C03FF509C0241D8C50C024032
                                                                                                                                                                            Function 006D4CFA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: 4238379154db2f589e87f60fc9646438d44a2734b18168a599e46cb3f68a57b1
                                                                                                                                                                            • Instruction ID: 0c561730a6f0b3bd5530cb644b163372792d4fcc05fb64bc53803a461eae4f92
                                                                                                                                                                            • Opcode Fuzzy Hash: 4238379154db2f589e87f60fc9646438d44a2734b18168a599e46cb3f68a57b1
                                                                                                                                                                            • Instruction Fuzzy Hash: 35B012C1B7F102BE314851069D06E37012FE2C2B10B31803FF409C0241D8C40C018032
                                                                                                                                                                            Function 006D4CCA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: e75d49b28b36dac592c4c25f606bfd8096e81af8e7933991a394ae7f14fecb81
                                                                                                                                                                            • Instruction ID: 4fd1af5bc59d38cf4aa8d6f4db59899f8896661d50af76fd6962beae0c548ebd
                                                                                                                                                                            • Opcode Fuzzy Hash: e75d49b28b36dac592c4c25f606bfd8096e81af8e7933991a394ae7f14fecb81
                                                                                                                                                                            • Instruction Fuzzy Hash: A3B012C1B7F112FE3548510A9D06D37010FC2C2B10B31C03FF809C0241D8C40C014032
                                                                                                                                                                            Function 006D4CDA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: 32384e50f641110b676f657bc66d6f5e65228d017eb688b1bd48e4de9db37b3f
                                                                                                                                                                            • Instruction ID: c23837d486538d3f4ce62f2a6c296041a1df911562f13bd2df50bbc2c0f25204
                                                                                                                                                                            • Opcode Fuzzy Hash: 32384e50f641110b676f657bc66d6f5e65228d017eb688b1bd48e4de9db37b3f
                                                                                                                                                                            • Instruction Fuzzy Hash: 78B012C1B7F202BE324851069D06D37010FC2C2B10F31813FF809C0251D8C40C454032
                                                                                                                                                                            Function 006D4CAA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: e1faf836ab757d95c7d4f6c4ee2321fa9a7623134f677a49857111baac60d448
                                                                                                                                                                            • Instruction ID: 13a823aec2521eab7c6edc31b16c5415e088164069062d34ddfeb778c601a65e
                                                                                                                                                                            • Opcode Fuzzy Hash: e1faf836ab757d95c7d4f6c4ee2321fa9a7623134f677a49857111baac60d448
                                                                                                                                                                            • Instruction Fuzzy Hash: 90B012C1B7F2027E324851069D06C37010FD2C2B10B31C03FF609C12C1D8C50C024031
                                                                                                                                                                            Function 006D4CBA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: c7e9d2a5cea4192641c5eec08be0f00a825ee5ecad6612eceff2ef8a8203cc63
                                                                                                                                                                            • Instruction ID: 9904cba608a15ee05927a3f9fb023c172adb98a4edc96ac12a0f9424b54ff7d7
                                                                                                                                                                            • Opcode Fuzzy Hash: c7e9d2a5cea4192641c5eec08be0f00a825ee5ecad6612eceff2ef8a8203cc63
                                                                                                                                                                            • Instruction Fuzzy Hash: C4B012C1B7F112BE354851069C06C37010FC6C1B10B32C03FF809C0341D8D50C014031
                                                                                                                                                                            Function 006D4C8A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: b0639e813664f3e572e186126ed1f2a52b6dca7871ddee75fae5a031fa8416a3
                                                                                                                                                                            • Instruction ID: 30d05eb45def70fc8fd651106d2fbcd9fb01acca4901fdf8248439daa0de493f
                                                                                                                                                                            • Opcode Fuzzy Hash: b0639e813664f3e572e186126ed1f2a52b6dca7871ddee75fae5a031fa8416a3
                                                                                                                                                                            • Instruction Fuzzy Hash: 99B012C1B7F213BE35485106DC06C37010FC2C2B10B31D43FF909C1281D8C40C014031
                                                                                                                                                                            Function 006D4C9A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4C81
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: yt
                                                                                                                                                                            • API String ID: 1269201914-4251244651
                                                                                                                                                                            • Opcode ID: 4fe3cbbfab85af1d80567f79ede6144aca778830c3bb0e59b05cfafce558e785
                                                                                                                                                                            • Instruction ID: acb8c9a2537626bbcd2907967ce672ee9dac433f6498fcb7cbcfe533e4341e23
                                                                                                                                                                            • Opcode Fuzzy Hash: 4fe3cbbfab85af1d80567f79ede6144aca778830c3bb0e59b05cfafce558e785
                                                                                                                                                                            • Instruction Fuzzy Hash: 9BB012C1B7F3027E324851069C06C77010FC2C2B10B31813FF909C1281D8C40C454035
                                                                                                                                                                            Function 006D4D6B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 41392745a31e890e13b4aed13a3aed5f7770e4cb4c9bbc86288943db80c1e958
                                                                                                                                                                            • Instruction ID: 760e942a6a8c3dabe5a5b42b65da2663646d7f8fcb450a90087e70c1f5396446
                                                                                                                                                                            • Opcode Fuzzy Hash: 41392745a31e890e13b4aed13a3aed5f7770e4cb4c9bbc86288943db80c1e958
                                                                                                                                                                            • Instruction Fuzzy Hash: D8B012C177A2027D3648510A9C06C37021FC6C1B10330813FFC09C0341D8880C459031
                                                                                                                                                                            Function 006D4D61 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: f39c6cc7e36105170f04342dff60c196fa1d2e679c14657846213a9c493376a3
                                                                                                                                                                            • Instruction ID: bf0a0dd335950bcefd618a99b3fee995a9d884250f39b11f8e42b68b3c26c600
                                                                                                                                                                            • Opcode Fuzzy Hash: f39c6cc7e36105170f04342dff60c196fa1d2e679c14657846213a9c493376a3
                                                                                                                                                                            • Instruction Fuzzy Hash: 9DB012C177A202BD3948510A9C06C37021FC6C1B10330C03FFD09C0341D8880C019031
                                                                                                                                                                            Function 006D4D7F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 9d61294887d1572eb7748cf1ac01e129bfc67ac68aa0a9a18f29a5f637be74a5
                                                                                                                                                                            • Instruction ID: 10ae3559a3b161e1a38306f72dc389830124ceb3d93dd424296825d6c116ce71
                                                                                                                                                                            • Opcode Fuzzy Hash: 9d61294887d1572eb7748cf1ac01e129bfc67ac68aa0a9a18f29a5f637be74a5
                                                                                                                                                                            • Instruction Fuzzy Hash: 4BB012C17BA2067D3548510B9C06D37023FE6C1B10330803FF809C0341D8880C01D131
                                                                                                                                                                            Function 006D4D75 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 69065ceca2f692045e04b38af68b619a0816e34a682ceeb2e3da3464796dc76b
                                                                                                                                                                            • Instruction ID: 8be378a92213e8215a85a5fd9e43a6ae71f8128bcbaf52f962e4885ac028cd0d
                                                                                                                                                                            • Opcode Fuzzy Hash: 69065ceca2f692045e04b38af68b619a0816e34a682ceeb2e3da3464796dc76b
                                                                                                                                                                            • Instruction Fuzzy Hash: F6B012C177A102BD3948510A9C06C37021FC6C1B10330C03FFD09C0341D8880C059031
                                                                                                                                                                            Function 006D4D4D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 3859d94e10ff33d0b77ae3fd4b81f5ab97d5ac15056a280b259be9f00a95a4b2
                                                                                                                                                                            • Instruction ID: 3a2ed74af7780def334f61861ff9bd5cbd971bd5315bc46908f108f98886e41c
                                                                                                                                                                            • Opcode Fuzzy Hash: 3859d94e10ff33d0b77ae3fd4b81f5ab97d5ac15056a280b259be9f00a95a4b2
                                                                                                                                                                            • Instruction Fuzzy Hash: 35B012C177A202BD3A48510A9C06C37022FC6C1B10330C03FFC09C1345D8880C059031
                                                                                                                                                                            Function 006D4D43 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 1eb33c4ee68d9c577c9b128c31ca7fdae7fc7ea57ccb863c939580de11200eef
                                                                                                                                                                            • Instruction ID: 1a1c79eab0ecf170f4f883d502014a985a9978242afb9469cd53d19a2ca8212a
                                                                                                                                                                            • Opcode Fuzzy Hash: 1eb33c4ee68d9c577c9b128c31ca7fdae7fc7ea57ccb863c939580de11200eef
                                                                                                                                                                            • Instruction Fuzzy Hash: 85B012C177A1027D3A48510ADD06C37021FC6C1B20370C23FF90AC0341D8884C029035
                                                                                                                                                                            Function 006D4D57 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: a95d25798f7bd23b42813ebaaad467c0d859b40d77cc6ed0840800699c9b30b8
                                                                                                                                                                            • Instruction ID: de0bbc71cbdc130a10593e0cac099e8331babdb83dac0d387a5950cdb3e65f19
                                                                                                                                                                            • Opcode Fuzzy Hash: a95d25798f7bd23b42813ebaaad467c0d859b40d77cc6ed0840800699c9b30b8
                                                                                                                                                                            • Instruction Fuzzy Hash: 68B012C177A1027D3948510ADC06D37023FE6C1B20330823FF80AC0341D8884C01D035
                                                                                                                                                                            Function 006D4D2F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 62d4f8134fe2dab26e37ec241c0f0c366a5312996822f60101215badb4964e16
                                                                                                                                                                            • Instruction ID: 9d745e95fc88d75cceaaac1eb38ee6a5eaad79580f641e6dfb786dd867b9c8b9
                                                                                                                                                                            • Opcode Fuzzy Hash: 62d4f8134fe2dab26e37ec241c0f0c366a5312996822f60101215badb4964e16
                                                                                                                                                                            • Instruction Fuzzy Hash: 67B092C166A102AD2948510A9806836021FC685B20330812AB80AC0341D8884C019035
                                                                                                                                                                            Function 006D4D25 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: d2dd7b7290b93f285306d19e69dd543aa68b53629a3b016cf1e2fd939233e365
                                                                                                                                                                            • Instruction ID: 90340b9c55e85367e649de97271422e317052e9fcaa7af810968d63ce4cdcb0d
                                                                                                                                                                            • Opcode Fuzzy Hash: d2dd7b7290b93f285306d19e69dd543aa68b53629a3b016cf1e2fd939233e365
                                                                                                                                                                            • Instruction Fuzzy Hash: 48B012C177A1027E3548510A9C06D37027FE6C1B10330803FF809C0341D8880C01D031
                                                                                                                                                                            Function 006D4D39 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 274690ab58991429f90607b4da5d4e7a0e3b647eeda9d4f7c25fe6a9b2011740
                                                                                                                                                                            • Instruction ID: f88684fefe0ed6a710ed931ea801a386012a2941264e3c635147cb00c12e55ac
                                                                                                                                                                            • Opcode Fuzzy Hash: 274690ab58991429f90607b4da5d4e7a0e3b647eeda9d4f7c25fe6a9b2011740
                                                                                                                                                                            • Instruction Fuzzy Hash: FDB012C177A2027D3A48510ADC06C37021FC6C1B20330823FFC0AC0341D8884C459035
                                                                                                                                                                            Function 006D4D0A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 0814e5f7c442d2f06672ffa0e3dcb3d382e2ac0d8f11053f05f2e47e587b5dfa
                                                                                                                                                                            • Instruction ID: 737e8fa59d8e79107a99cec6ffef330fbe53605fec446ecdfb8b7d6f42df0917
                                                                                                                                                                            • Opcode Fuzzy Hash: 0814e5f7c442d2f06672ffa0e3dcb3d382e2ac0d8f11053f05f2e47e587b5dfa
                                                                                                                                                                            • Instruction Fuzzy Hash: 69B012C177A1437D360811069D06C37021FC6C1B10330C03FF905D0242D8880C029031
                                                                                                                                                                            Function 006D4D89 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 75c7d56b9a8ef052c21cc803dee4d694fd5e423a417d1f7eec48a7e5aad82339
                                                                                                                                                                            • Instruction ID: 3a8fad93ebb2e2e982cfcc5a9bbdd81675f2dadf9d1985d75f129ab4dd00f200
                                                                                                                                                                            • Opcode Fuzzy Hash: 75c7d56b9a8ef052c21cc803dee4d694fd5e423a417d1f7eec48a7e5aad82339
                                                                                                                                                                            • Instruction Fuzzy Hash: 44B012C177A3027D3648510AAD06C37021FC6C1B10330C03FF909C0341D8880C029031
                                                                                                                                                                            Function 006D4D93 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4D1C
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID: `ato
                                                                                                                                                                            • API String ID: 1269201914-3307817267
                                                                                                                                                                            • Opcode ID: 3d526e399dea9006a276561d56842956ca6f66349892e321b0831650aff169ec
                                                                                                                                                                            • Instruction ID: c6655abb62b70d0375bb76f920f8a6b75dc527e937ab1db3fcbc907e5b6ef335
                                                                                                                                                                            • Opcode Fuzzy Hash: 3d526e399dea9006a276561d56842956ca6f66349892e321b0831650aff169ec
                                                                                                                                                                            • Instruction Fuzzy Hash: 52B012C177A302BD3A48510A9C06C37021FC6C1B10330813FFC09C0341D8880C45D031
                                                                                                                                                                            Function 006A4A40 Relevance: 3.1, APIs: 2, Instructions: 90COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006A4AD2
                                                                                                                                                                            • SysFreeString.OLEAUT32(-00000001), ref: 006A4AFD
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeString_com_issue_error
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 709734423-0
                                                                                                                                                                            • Opcode ID: 10f51ad3eb912f9151ee916578f9632114060a01959ba28bb2049be06d726ed3
                                                                                                                                                                            • Instruction ID: b499d16606f8eb4bc889c704cc5dde7b925f9a679f84bd5e01e3cf285b638d2c
                                                                                                                                                                            • Opcode Fuzzy Hash: 10f51ad3eb912f9151ee916578f9632114060a01959ba28bb2049be06d726ed3
                                                                                                                                                                            • Instruction Fuzzy Hash: 3D21E7B19007159BD3209F54DC01B5AF7E9EF81B20F20462EE96597780DBF4A840CBA4
                                                                                                                                                                            Function 00715BF0 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,006B860A,00000000,?,0071610D,006B860A,006B860A,00000000,0076C218,3536BAD2,006B860A), ref: 00715C8C
                                                                                                                                                                            • GetLastError.KERNEL32(?,0071610D,006B860A,006B860A,00000000,0076C218,3536BAD2,006B860A,006B860A,006B860A,3536BAD2,00000000,?,0070591E,00000000,0076C218), ref: 00715CB2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 442123175-0
                                                                                                                                                                            • Opcode ID: 7491bc0d738dd9a06222a8fad73a274ed45d153b1193d9ea1c30cfc8058792df
                                                                                                                                                                            • Instruction ID: f0d11c22df050e6df702829249434953c2d85ffd863fbae19f81fb8d9d9e7d1a
                                                                                                                                                                            • Opcode Fuzzy Hash: 7491bc0d738dd9a06222a8fad73a274ed45d153b1193d9ea1c30cfc8058792df
                                                                                                                                                                            • Instruction Fuzzy Hash: 39215131A00219DFDB19CF1DDC809E9B7BAEB98341F2441A9E946D7251D6349E828BA4
                                                                                                                                                                            Function 00689BB0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                            • InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 51270584-0
                                                                                                                                                                            • Opcode ID: 8942833970ae335f03ebe22af44393c6f2174fe044921355d61cda46c5209c83
                                                                                                                                                                            • Instruction ID: 5141e2a5bce865d1f60ad8d262d31b4cac6bd4eb13f7c95de8ee2baa476f3baa
                                                                                                                                                                            • Opcode Fuzzy Hash: 8942833970ae335f03ebe22af44393c6f2174fe044921355d61cda46c5209c83
                                                                                                                                                                            • Instruction Fuzzy Hash: B201C4B0A406499FEB50EF94DC0ABBAB3B9FB04B04F144629F515972C0DB795504CB55
                                                                                                                                                                            Function 006F99E1 Relevance: 3.0, APIs: 2, Instructions: 42memoryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,006A4AA5,?,00000000,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5), ref: 006F9A04
                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 006F9A0F
                                                                                                                                                                              • Part of subcall function 006FE960: _free.LIBCMT ref: 006FE973
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A38
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A42
                                                                                                                                                                            • GetLastError.KERNEL32(80070057,3536BAD2,?,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5,?), ref: 006F9A47
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A5A
                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,?,006FBE00,0076BF08,000000FE,?,006A4AA5,?), ref: 006F9A70
                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 006F9A83
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 878839965-0
                                                                                                                                                                            • Opcode ID: d0ed49b8f38eea42dfaf16de7e7f34d8806341ae3191dd0783283117202188c7
                                                                                                                                                                            • Instruction ID: 4bc8ecd3794e278585d7352695bb930b48f52d377ff449060cbc78b724eaab31
                                                                                                                                                                            • Opcode Fuzzy Hash: d0ed49b8f38eea42dfaf16de7e7f34d8806341ae3191dd0783283117202188c7
                                                                                                                                                                            • Instruction Fuzzy Hash: DB01AD72F0425C9FDB208FA59842BEEBBB9EF48721F000129EA0567390CB755800C7A4
                                                                                                                                                                            Function 006ADEC0 Relevance: 3.0, APIs: 2, Instructions: 22registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SHDeleteKeyW.SHLWAPI(?,0075BFD0,?,006ADE7B), ref: 006ADED6
                                                                                                                                                                            • RegCloseKey.KERNEL32(?,?,006ADE7B), ref: 006ADEE4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseDelete
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 453069226-0
                                                                                                                                                                            • Opcode ID: d424b8ff9b1976f0797656b5276076914f12c88abef530712343a9bdb044fa76
                                                                                                                                                                            • Instruction ID: 918927ace8fa232ed6737d04d1f3127d825dd19579bcc0ffc50ca69efd15e66b
                                                                                                                                                                            • Opcode Fuzzy Hash: d424b8ff9b1976f0797656b5276076914f12c88abef530712343a9bdb044fa76
                                                                                                                                                                            • Instruction Fuzzy Hash: FAE01A70604B519FE7309F29F808B83BBE8AB09711F14C84DE49AC7A90C7B8E844CF54
                                                                                                                                                                            Function 0068DEB0 Relevance: 1.8, APIs: 1, Instructions: 298COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,3536BAD2,?,?), ref: 0068DF08
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0068E36C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4077199523-0
                                                                                                                                                                            • Opcode ID: 398b4c95daec15096a897b6976a9585154f02ad9572d1ec51122f0c9a4ab6dfd
                                                                                                                                                                            • Instruction ID: d96037c862b559cb4de628a45e8e3e321e4d2b93eef3a0fc244549ef5ef33b15
                                                                                                                                                                            • Opcode Fuzzy Hash: 398b4c95daec15096a897b6976a9585154f02ad9572d1ec51122f0c9a4ab6dfd
                                                                                                                                                                            • Instruction Fuzzy Hash: C7C1F231A002049BCB28EF68DC897ADB7B2FF85304F1087DDD44997691DB76AB84CB94
                                                                                                                                                                            Function 0071627A Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: aa5007626a243465583a69bcf118b91a9ef3b01b5fd0aedc4077763141f272e9
                                                                                                                                                                            • Instruction ID: adc0a49a6495beb4fc23dba956843804b94089b37ee923304bbdb91aaa94195c
                                                                                                                                                                            • Opcode Fuzzy Hash: aa5007626a243465583a69bcf118b91a9ef3b01b5fd0aedc4077763141f272e9
                                                                                                                                                                            • Instruction Fuzzy Hash: 5741D171A00108EFDB14DF5CC885AED7BA2EB89364F2981ACE4589B2D1D739DE81C751
                                                                                                                                                                            Function 0071732A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                            • Opcode ID: 9b029c3d05b164804741f80434da25350c7cfcc515f117ff3195cf24aa855839
                                                                                                                                                                            • Instruction ID: c25d0083321406ab6fa6cd204c6b8a53bb7a98cef9edc97bb614ddaccc891553
                                                                                                                                                                            • Opcode Fuzzy Hash: 9b029c3d05b164804741f80434da25350c7cfcc515f117ff3195cf24aa855839
                                                                                                                                                                            • Instruction Fuzzy Hash: 17114575A0420AAFCF09DF58E9459DA7BF5EF48304F004069F808EB252D630EA11CBA5
                                                                                                                                                                            Function 00705854 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                            • Instruction ID: da4d61792804e9ce0fa33fa46b0decc0b6d20addc5011a7c5f103892781227d8
                                                                                                                                                                            • Opcode Fuzzy Hash: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                            • Instruction Fuzzy Hash: 15F0F432501A18DAEB21362D8C096EB37DE9F82335F108715FD25971D2CA7CE8468AA1
                                                                                                                                                                            Function 006ADF10 Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 006ADF45
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                            • Opcode ID: e2e22454c377ceece91725967b92d2c399b2b5e9e8f9c6fadf3eee7844ebe6ee
                                                                                                                                                                            • Instruction ID: 965dfca080128074d0da8c5d28fd15df746534dcdb9ef48b7ef17c52a5e25767
                                                                                                                                                                            • Opcode Fuzzy Hash: e2e22454c377ceece91725967b92d2c399b2b5e9e8f9c6fadf3eee7844ebe6ee
                                                                                                                                                                            • Instruction Fuzzy Hash: C5017C35600209EFCB15CF45C804F9EBBBAFF99310F208059F80697350C770AA14DB94
                                                                                                                                                                            Function 006C6050 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • PathFileExistsW.SHLWAPI(?), ref: 006C6061
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExistsFilePath
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1174141254-0
                                                                                                                                                                            • Opcode ID: 2c4a3592c842a5e42526c44fb1afb3a8804b46698851fb68c3cbae40cf58b8af
                                                                                                                                                                            • Instruction ID: e5fb2351000e4547f858d3996b792f422a5ef1edddd87f4a9c4b06684c83fb07
                                                                                                                                                                            • Opcode Fuzzy Hash: 2c4a3592c842a5e42526c44fb1afb3a8804b46698851fb68c3cbae40cf58b8af
                                                                                                                                                                            • Instruction Fuzzy Hash: 13F04F712002008BC7149F59E814B57BBFAEF84715F00851DE44ACB660D775E941CB98
                                                                                                                                                                            Function 007155F5 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00712174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006F872D,?,?,0068A1ED,0000002C,3536BAD2), ref: 007121A6
                                                                                                                                                                            • _free.LIBCMT ref: 00715615
                                                                                                                                                                              • Part of subcall function 00712098: RtlFreeHeap.NTDLL(00000000,00000000,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?), ref: 007120AE
                                                                                                                                                                              • Part of subcall function 00712098: GetLastError.KERNEL32(?,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?,?), ref: 007120C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 314386986-0
                                                                                                                                                                            • Opcode ID: 00240faccc0d94247c306dcc9734b00f1666412969bcafe27a1ac441e5489a4c
                                                                                                                                                                            • Instruction ID: 2e2c993c445c0bc1953c55e693d744bfe3d3fe6a60d7328521378c39db21a39e
                                                                                                                                                                            • Opcode Fuzzy Hash: 00240faccc0d94247c306dcc9734b00f1666412969bcafe27a1ac441e5489a4c
                                                                                                                                                                            • Instruction Fuzzy Hash: 1FF06272105700DFD7299F59D805B92F7F8EF84B11F10842FE29A876D1DAB8A486CB94
                                                                                                                                                                            Function 00712174 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,006F872D,?,?,0068A1ED,0000002C,3536BAD2), ref: 007121A6
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: f033faa143bb4d6d1314f2e9763bb235898ad0549376906b95881a3857677070
                                                                                                                                                                            • Instruction ID: 95d50cda168f058278ea0062b4f3d7618059368ff50919d78cc98704eabdeceb
                                                                                                                                                                            • Opcode Fuzzy Hash: f033faa143bb4d6d1314f2e9763bb235898ad0549376906b95881a3857677070
                                                                                                                                                                            • Instruction Fuzzy Hash: B9E0E53120022CB7EB30766D9C05BDB366A9B413A0F614220EE04D60D2CB2CCCD2A1A5
                                                                                                                                                                            Function 006AE500 Relevance: 1.5, APIs: 1, Instructions: 30registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 006AE51F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Open
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                            • Opcode ID: d3cca8fdd61abd7f8a989dff1fe6344c215ed2b1a23d13e987979a64e80d7c02
                                                                                                                                                                            • Instruction ID: b8b0d1e8b6f5d7b66444dd51aff187b06f3d8d84abe17a60e3e6b44fa38f4827
                                                                                                                                                                            • Opcode Fuzzy Hash: d3cca8fdd61abd7f8a989dff1fe6344c215ed2b1a23d13e987979a64e80d7c02
                                                                                                                                                                            • Instruction Fuzzy Hash: D4F05E31600208ABDB248F09DC04F9EBBA9EF95710F20845EF80597250D6B5AA108B94
                                                                                                                                                                            Function 0068136C Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006813A5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 323602529-0
                                                                                                                                                                            • Opcode ID: fff63c879679a8e5d3136923ea4c46f13d542e5aa9f86f1a194bc9bae2fa6947
                                                                                                                                                                            • Instruction ID: 047f80cd4d12e339a6306aa681bad04dc3cd86bb3f72b3879909f140b2f9b2e7
                                                                                                                                                                            • Opcode Fuzzy Hash: fff63c879679a8e5d3136923ea4c46f13d542e5aa9f86f1a194bc9bae2fa6947
                                                                                                                                                                            • Instruction Fuzzy Hash: C9F065B2914658EFD715DF44DC01F9AB7EDEB08724F10462EF41293681DBB969048A94
                                                                                                                                                                            Function 006AED10 Relevance: 1.5, APIs: 1, Instructions: 20registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 006AED2F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            • Opcode ID: b493936a821af7bf6d3c3dc4bd8be35835e81329cf29b176a372d071ad0ec94b
                                                                                                                                                                            • Instruction ID: 3616f330779b0d9f13b230908549d8df10b269c048c28607928c4fd1b83eba1c
                                                                                                                                                                            • Opcode Fuzzy Hash: b493936a821af7bf6d3c3dc4bd8be35835e81329cf29b176a372d071ad0ec94b
                                                                                                                                                                            • Instruction Fuzzy Hash: BDE0123524010DEBDB009E84EC40FA77B2BEB95701F10C415F9084A195C373DC21ABA4
                                                                                                                                                                            Function 00724D80 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,?,00724E6A,00000000,00000000,-00000002,3536BAD2,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,007444E4), ref: 00724D92
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                            • Opcode ID: 437161c1fea1aff05ca279d4f3923267253faf67d692e4d2c64b6904642c859a
                                                                                                                                                                            • Instruction ID: 031e947b53ab11585e4c217394248ea99430624d282c8a6039b93a7c6d2f59dd
                                                                                                                                                                            • Opcode Fuzzy Hash: 437161c1fea1aff05ca279d4f3923267253faf67d692e4d2c64b6904642c859a
                                                                                                                                                                            • Instruction Fuzzy Hash: 4CD0A73331023819BF540E7CB4696B6334C994176474C0650F51EC62D4E638EC829110
                                                                                                                                                                            Function 0071FE25 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00720187,?,?,00000000,?,00720187,00000000,0000000C), ref: 0071FE42
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                            • Opcode ID: d95d2d85a93049d06f21d5437e857af5ddcd4d1ffbc780286f40d097f035c51e
                                                                                                                                                                            • Instruction ID: 399ed3e5c55820997121dff92333d88d8b15c44077c5903e5922a50d3afe998d
                                                                                                                                                                            • Opcode Fuzzy Hash: d95d2d85a93049d06f21d5437e857af5ddcd4d1ffbc780286f40d097f035c51e
                                                                                                                                                                            • Instruction Fuzzy Hash: D8D06C3200010DBBDF028F84DD06EDA3BAAFB48714F118000BA5856060C776E921AB95
                                                                                                                                                                            Function 006E269D Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006E2743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 006E2743
                                                                                                                                                                              • Part of subcall function 006E2743: AcquireSRWLockExclusive.KERNEL32(?,006E28F1), ref: 006E2760
                                                                                                                                                                            • DloadProtectSection.DELAYIMP ref: 006E26C5
                                                                                                                                                                              • Part of subcall function 006E286C: DloadObtainSection.DELAYIMP ref: 006E287C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1209458687-0
                                                                                                                                                                            • Opcode ID: 360bff71918498bc5fa51edea9a0d9313731ae62600dfd19586c8521617018f0
                                                                                                                                                                            • Instruction ID: cbfc46a231ea82c673a1b6c517d085cd8a5f1ca1285e18d3636f6a9fbc6f5f62
                                                                                                                                                                            • Opcode Fuzzy Hash: 360bff71918498bc5fa51edea9a0d9313731ae62600dfd19586c8521617018f0
                                                                                                                                                                            • Instruction Fuzzy Hash: FAD01274516BC24BCB81BF17ACA7754235FB304780F50C505F509C51B9C7B948858E2D
                                                                                                                                                                            Function 006AE8C0 Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 006AE8D4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3660427363-0
                                                                                                                                                                            • Opcode ID: 8ba5f0ac1584e613a02dd4c58a3dfbf5e6ed87b4b3975943ce5fdc3f93cbddf3
                                                                                                                                                                            • Instruction ID: c3b4096d39110593d7cae4f1c69b63b76ee8e703ab0dc38639837a042c2c0d9d
                                                                                                                                                                            • Opcode Fuzzy Hash: 8ba5f0ac1584e613a02dd4c58a3dfbf5e6ed87b4b3975943ce5fdc3f93cbddf3
                                                                                                                                                                            • Instruction Fuzzy Hash: 1DD0EA3604020DBBDF025F81ED05EDA7F2AEB09761F148415FA19180A187B79571AFA5
                                                                                                                                                                            Function 006FE960 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 006FE973
                                                                                                                                                                              • Part of subcall function 00712098: RtlFreeHeap.NTDLL(00000000,00000000,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?), ref: 007120AE
                                                                                                                                                                              • Part of subcall function 00712098: GetLastError.KERNEL32(?,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?,?), ref: 007120C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1353095263-0
                                                                                                                                                                            • Opcode ID: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                            • Instruction ID: ac9c239c6602dfe813ba1fd2f8160de3635b422e4ad4249d1011b75cedce4ab8
                                                                                                                                                                            • Opcode Fuzzy Hash: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                            • Instruction Fuzzy Hash: A0C08C3100020CFBCF009B45C80AA8E7BA8DB80364F200044F40517281CAB1EF449680
                                                                                                                                                                            Function 006D4DB8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4DAF
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: a64e72048f1b3e087bd8702898da29e61e58f73c257fc5be9cc1f16386a0fb1f
                                                                                                                                                                            • Instruction ID: c0767a6be39c06f23ab2ff727aaaa55136e724a8afd2e9b53647abfc4341c0f3
                                                                                                                                                                            • Opcode Fuzzy Hash: a64e72048f1b3e087bd8702898da29e61e58f73c257fc5be9cc1f16386a0fb1f
                                                                                                                                                                            • Instruction Fuzzy Hash: EAB012C1BBA102BD398851166C07C37010FC9C5B20330C03FF80DC0251D8844C054031
                                                                                                                                                                            Function 006D4D9D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006D4DAF
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 2e01e0e2dbfc2b34b6d1239f68484898369f2696864f626dd59f1ac026b39638
                                                                                                                                                                            • Instruction ID: 7361ca55576325b02f810f7ca6410d274843835dcda456b51ef61cefd5ddc8ac
                                                                                                                                                                            • Opcode Fuzzy Hash: 2e01e0e2dbfc2b34b6d1239f68484898369f2696864f626dd59f1ac026b39638
                                                                                                                                                                            • Instruction Fuzzy Hash: 98B012C17BB1067D35481112AC07C37012FEDC2B507B0803FF445C015198944C018031
                                                                                                                                                                            Function 006E14C6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006E14D8
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 9cff0c708bcdb7afe71b0458700d02d17e738c068b93b1d03a87787856336a17
                                                                                                                                                                            • Instruction ID: 1d6be4a42ea8d421eb635f57b9ade25b4b42562cec6afe91a6fca42be134c97a
                                                                                                                                                                            • Opcode Fuzzy Hash: 9cff0c708bcdb7afe71b0458700d02d17e738c068b93b1d03a87787856336a17
                                                                                                                                                                            • Instruction Fuzzy Hash: 0DB012F137B242BC370811135D06C3B114FC1C3B50730C43EF505C5191D4881C026035
                                                                                                                                                                            Function 006F97AC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F97C4
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 2c2aa61d63dba4acf0665265473c89feb9a7a969295f4813934bb1e72d9ac61f
                                                                                                                                                                            • Instruction ID: c619a16e433117e4d09b7c6e89f6ed5c42c8c854102ed34eedadb23be0f26dde
                                                                                                                                                                            • Opcode Fuzzy Hash: 2c2aa61d63dba4acf0665265473c89feb9a7a969295f4813934bb1e72d9ac61f
                                                                                                                                                                            • Instruction Fuzzy Hash: 81B012D137A2067C360835165D16C37011FC1C1B20330C43EFE05D0042A4840C064031
                                                                                                                                                                            Function 006F9BFA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 9138ed3a64dc2a4b7d763781eb0de77d471faa72d92092bf3b6b8b1c9aaf0003
                                                                                                                                                                            • Instruction ID: 760ba4ba7f1f5534b849818ca1f70a9dcd4f80e21afc93bcb21ce7b1021683db
                                                                                                                                                                            • Opcode Fuzzy Hash: 9138ed3a64dc2a4b7d763781eb0de77d471faa72d92092bf3b6b8b1c9aaf0003
                                                                                                                                                                            • Instruction Fuzzy Hash: EBB012D137E106BC3588510B6C06D37025FC1C1B11330C53FFA09C0241D4840C815031
                                                                                                                                                                            Function 006F9BF0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 7c0b204fa1678fdf9c743c74293626946c424e758a84a31eed4d67b488439915
                                                                                                                                                                            • Instruction ID: 1485ede612776ba88d366e8ff076239e826f2ff51d03a3fc5c586b3c5ed33065
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c0b204fa1678fdf9c743c74293626946c424e758a84a31eed4d67b488439915
                                                                                                                                                                            • Instruction Fuzzy Hash: A0B012D137E1067C3288510B6D06D37114FC1C1B11330C53FF709C0241E4840C825035
                                                                                                                                                                            Function 006F9C4A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 99f4b1fe30e2994a7bba555f92ce49fc6da647c50637697cd603c180f533d8ca
                                                                                                                                                                            • Instruction ID: 3ece2b8c59e4ce21845304ed5d64c1c6e105c5c2a2e379b877dd4c2371eb0e5d
                                                                                                                                                                            • Opcode Fuzzy Hash: 99f4b1fe30e2994a7bba555f92ce49fc6da647c50637697cd603c180f533d8ca
                                                                                                                                                                            • Instruction Fuzzy Hash: 97B012C13BE106BC32585107AD06E3B114FC1C1B11330C93FF709C0251F4840C426031
                                                                                                                                                                            Function 006F9C40 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 6653786d9cc916488553c49eb79b6c35ab165d2a0986a7c019e514ef26e76789
                                                                                                                                                                            • Instruction ID: 221c0809a91873f24cd116e661d543edfe8179e630a82226194528a5d4defbc9
                                                                                                                                                                            • Opcode Fuzzy Hash: 6653786d9cc916488553c49eb79b6c35ab165d2a0986a7c019e514ef26e76789
                                                                                                                                                                            • Instruction Fuzzy Hash: D7B012C17BE206BC325851076C06E7B014FC1C1B113308A3FFA09C0241E4840C856032
                                                                                                                                                                            Function 006F9C54 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: de6d800567aecd62df0a0bb4aaac08aac3a4963473e735c4c8782798784f532e
                                                                                                                                                                            • Instruction ID: dd02353658af4f4cfba88acfcdad7d662dbbcc8a58f68e7154438c24d4084321
                                                                                                                                                                            • Opcode Fuzzy Hash: de6d800567aecd62df0a0bb4aaac08aac3a4963473e735c4c8782798784f532e
                                                                                                                                                                            • Instruction Fuzzy Hash: ADB012C13BE106BC315851076C06F3B016FE1C1B113308D3FF609C0281E4840C41A031
                                                                                                                                                                            Function 006F9C2C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 49fafaab9cad0fb9443037aae29fffe27e69173e3c036d57fafdf3b71fcb746a
                                                                                                                                                                            • Instruction ID: 12046040be93c0325cad22d80321fc1f91617bef2981e7bdefc0875a014180b1
                                                                                                                                                                            • Opcode Fuzzy Hash: 49fafaab9cad0fb9443037aae29fffe27e69173e3c036d57fafdf3b71fcb746a
                                                                                                                                                                            • Instruction Fuzzy Hash: 40B012C237E20A7C314851076C06E7701AFE1C1B11330853FF609C0241D4840C419031
                                                                                                                                                                            Function 006F9C22 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: a7afdba4b2dd2f377ceb66085a3b7ffa0dcd934f4faf196440d5b2a977f3dc77
                                                                                                                                                                            • Instruction ID: 50774d527e4eaf4b1bfe3a26a05077518f7877acf599ce36fedff21b29bcb310
                                                                                                                                                                            • Opcode Fuzzy Hash: a7afdba4b2dd2f377ceb66085a3b7ffa0dcd934f4faf196440d5b2a977f3dc77
                                                                                                                                                                            • Instruction Fuzzy Hash: E7B012D137E1067C324851076D06D7711CFC1C1B11730C53FF709C0241D4840C425031
                                                                                                                                                                            Function 006F9C36 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: a74127913afde87a1da0173d7f9a0ffd03a7c2dca2c1b6f7af947726561dea2e
                                                                                                                                                                            • Instruction ID: d342321db0e46bd7540fd6d8a3aaec6c23a18ab7c43b8e2c2b99113d05bee4aa
                                                                                                                                                                            • Opcode Fuzzy Hash: a74127913afde87a1da0173d7f9a0ffd03a7c2dca2c1b6f7af947726561dea2e
                                                                                                                                                                            • Instruction Fuzzy Hash: 00B012C13BE106FC355851076C06E3B014FC1C1B11330C93FFA09C0241E4844C416031
                                                                                                                                                                            Function 006F9C0E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 7c7c65174f65a477f096c19faf2136ecce3e4470bf62ef5b1d6201f66e69164c
                                                                                                                                                                            • Instruction ID: 374f09533d3167bebad57db800bf480909db90e8e16d099809bda0150e0df013
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c7c65174f65a477f096c19faf2136ecce3e4470bf62ef5b1d6201f66e69164c
                                                                                                                                                                            • Instruction Fuzzy Hash: C4B012C137E106BC354851176C06D77018FC1C1B11330C53FFA09C0241D4840C415031
                                                                                                                                                                            Function 006F9C04 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: 1cac8f89c3f462e8a38711e133bb1a214a49bbd59bccaf2fa681e682c2c24d7b
                                                                                                                                                                            • Instruction ID: 993319dda6fe99f121df6157a11e06d29974cd1a6f32965c951bc876d0a30b7b
                                                                                                                                                                            • Opcode Fuzzy Hash: 1cac8f89c3f462e8a38711e133bb1a214a49bbd59bccaf2fa681e682c2c24d7b
                                                                                                                                                                            • Instruction Fuzzy Hash: C1B012D137E1067C3188510B6C06E37016FE2C1B11330853FF609C0241D4840C81D031
                                                                                                                                                                            Function 006F9C18 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 006F9BE7
                                                                                                                                                                              • Part of subcall function 006E293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006E29AF
                                                                                                                                                                              • Part of subcall function 006E293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006E29C0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                            • Opcode ID: e6edda231e19d70a05305296021c9b24b682c97738d5076059cd810683a8f14d
                                                                                                                                                                            • Instruction ID: 1cd8d467ba54beeb583b4ffc2111f4ca37dcf8d78a808cacde2c21caf6a5ec45
                                                                                                                                                                            • Opcode Fuzzy Hash: e6edda231e19d70a05305296021c9b24b682c97738d5076059cd810683a8f14d
                                                                                                                                                                            • Instruction Fuzzy Hash: ABB012C537E2067C324851076C06DB7018FC1C1B11330863FFA09C0241D4840C855031
                                                                                                                                                                            Function 006AECD0 Relevance: 1.3, APIs: 1, Instructions: 30stringCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1659193697-0
                                                                                                                                                                            • Opcode ID: a62ceb3ee219bd2a660c30beaa2be8958a1df07a42f067e3ee51338d3f7125b1
                                                                                                                                                                            • Instruction ID: 836c95641158f75960d490196e16b4c88571e065f3483778bfb26f0d87934a05
                                                                                                                                                                            • Opcode Fuzzy Hash: a62ceb3ee219bd2a660c30beaa2be8958a1df07a42f067e3ee51338d3f7125b1
                                                                                                                                                                            • Instruction Fuzzy Hash: C7E0ED37200519ABDB019B89EC84D9BFB6DEBD6371714403BFA1587220D772EC25CBA0

                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                            Function 006B0540 Relevance: 98.2, APIs: 29, Strings: 27, Instructions: 220libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,3536BAD2), ref: 006B0571
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006B05B7
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 006B05DD
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 006B05E9
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 006B05F5
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 006B0601
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 006B060D
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 006B061C
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 006B0628
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 006B0634
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 006B0640
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 006B064C
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 006B0658
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,FreeSid), ref: 006B0664
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 006B0670
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 006B067C
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 006B0688
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeSid), ref: 006B0694
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 006B06A0
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 006B06AC
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 006B06B8
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 006B06C4
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 006B06D0
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetAce), ref: 006B06DC
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DeleteAce), ref: 006B06E8
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,EqualSid), ref: 006B06F4
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 006B0700
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 006B070F
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 006B07DE
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                            • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                            • API String ID: 2701342527-838666417
                                                                                                                                                                            • Opcode ID: 5a52a7d36889a1a3100047da7be91cd1610a3a4d06b44f9ec87f40ceb927cdb5
                                                                                                                                                                            • Instruction ID: d90508363f5891663233ab9e8aedd2a5625f1c9955a2f8095b49d9ddcce5b18d
                                                                                                                                                                            • Opcode Fuzzy Hash: 5a52a7d36889a1a3100047da7be91cd1610a3a4d06b44f9ec87f40ceb927cdb5
                                                                                                                                                                            • Instruction Fuzzy Hash: 5F812BF4980B25FEDF25AF61C848BD6BFA1FF05355F40012AE50452AA0DB79A4A8CFC1
                                                                                                                                                                            Function 006C8190 Relevance: 41.9, APIs: 7, Strings: 16, Instructions: 1638timeCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0068463F: GetProcessHeap.KERNEL32(?,?,?,006AC2E1,?,?,?,3536BAD2,?,00000000), ref: 00684676
                                                                                                                                                                            • VariantTimeToSystemTime.OLEAUT32 ref: 006C8539
                                                                                                                                                                            • GetLastError.KERNEL32(3536BAD2,?), ref: 006C867A
                                                                                                                                                                              • Part of subcall function 006A8690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006A86D6
                                                                                                                                                                              • Part of subcall function 006A8690: LoadResource.KERNEL32(00000000,00000000), ref: 006A86E4
                                                                                                                                                                              • Part of subcall function 006A8690: LockResource.KERNEL32(00000000), ref: 006A86EF
                                                                                                                                                                              • Part of subcall function 006A8690: SizeofResource.KERNEL32(00000000,00000000), ref: 006A86FD
                                                                                                                                                                              • Part of subcall function 006A8690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 006A8764
                                                                                                                                                                              • Part of subcall function 006A8690: LoadResource.KERNEL32(00000000,00000000), ref: 006A8776
                                                                                                                                                                              • Part of subcall function 006A8690: LockResource.KERNEL32(00000000), ref: 006A8785
                                                                                                                                                                              • Part of subcall function 006A8690: SizeofResource.KERNEL32(00000000,00000000), ref: 006A8797
                                                                                                                                                                            • __floor_pentium4.LIBCMT ref: 006C8C83
                                                                                                                                                                            • __floor_pentium4.LIBCMT ref: 006C8CDF
                                                                                                                                                                            • __floor_pentium4.LIBCMT ref: 006C8D37
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
                                                                                                                                                                            • String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
                                                                                                                                                                            • API String ID: 3108935575-1381540002
                                                                                                                                                                            • Opcode ID: 2d354cccb743cc0e825809d3ef7f3fee7aa8a2184595cbcf0eebb2154d27e1d6
                                                                                                                                                                            • Instruction ID: b4a07ba8b60487f537ffe16f9ca290a1a504febf99ce15f699882d059f35bca0
                                                                                                                                                                            • Opcode Fuzzy Hash: 2d354cccb743cc0e825809d3ef7f3fee7aa8a2184595cbcf0eebb2154d27e1d6
                                                                                                                                                                            • Instruction Fuzzy Hash: 8EE29D71A00228CFDB24DF64CC55BEDB7B6EF45700F10869DE41AA7281EB74AA85CF64
                                                                                                                                                                            Function 006CF3C0 Relevance: 33.7, APIs: 13, Strings: 6, Instructions: 463encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 006CF442
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 006CF488
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 006CF4C6
                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 006CF527
                                                                                                                                                                            • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 006CF5AD
                                                                                                                                                                            • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 006CF602
                                                                                                                                                                            • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 006CF89C
                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 006CF8B1
                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 006CF8CB
                                                                                                                                                                              • Part of subcall function 006CE760: CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 006CE877
                                                                                                                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(00000003,00000000,0000000C,00000014), ref: 006CF906
                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 006CF942
                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 006CFA73
                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(00000000), ref: 006CFAA6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Cert$Certificate$ChainFree$ContextCryptParam$NameString$FromPolicyPropertyStoreSubjectVerify
                                                                                                                                                                            • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.
                                                                                                                                                                            • API String ID: 2452394995-549729705
                                                                                                                                                                            • Opcode ID: 342edf5f28f02284a5086fc7ae2617a7c56ac84b9f057feb8b5bb65ce6c1839e
                                                                                                                                                                            • Instruction ID: 4e9f32b85cd2e2d3753a0b26803c05a859427b073cc07aefce4eb4e2cd0901c9
                                                                                                                                                                            • Opcode Fuzzy Hash: 342edf5f28f02284a5086fc7ae2617a7c56ac84b9f057feb8b5bb65ce6c1839e
                                                                                                                                                                            • Instruction Fuzzy Hash: 1E128E709002299BDF609F24CC49BEABBB6EF15714F0441E9E909A7391E7759E84CF60
                                                                                                                                                                            Function 006CEB60 Relevance: 27.5, APIs: 18, Instructions: 477encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001,006BBDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006CEBD2
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEBE4
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEBF4
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CECEE
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CECFE
                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006CEDEE
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEE0A
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEE1C
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEEB6
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEEC2
                                                                                                                                                                              • Part of subcall function 006CF3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 006CF442
                                                                                                                                                                              • Part of subcall function 006CF3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 006CF488
                                                                                                                                                                              • Part of subcall function 006CF3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 006CF4C6
                                                                                                                                                                              • Part of subcall function 006CF3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 006CF527
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEF02
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEF14
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEFAE
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEFBA
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CEFDA
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CEFEA
                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 006CF0CB
                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 006CF0DB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2648890560-0
                                                                                                                                                                            • Opcode ID: b2e1d086229ca9f620a8798b42dde5583affdb5435bf68100594532c6b929528
                                                                                                                                                                            • Instruction ID: d8ce2428572404d3c64c40207338e126e8aa28634bcf2be234df0feac8eadf72
                                                                                                                                                                            • Opcode Fuzzy Hash: b2e1d086229ca9f620a8798b42dde5583affdb5435bf68100594532c6b929528
                                                                                                                                                                            • Instruction Fuzzy Hash: 1D024B71A002099BEF14DFA8CD99FEEBBBAEF08304F14415CE515E7281D779AA44CB64
                                                                                                                                                                            Function 006C2B30 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 107libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,3536BAD2,00000000,?,00000000,?,006C3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 006C2B73
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 006C2B98
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Controller), ref: 006C2BA7
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Release), ref: 006C2BC8
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006C2C46
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006C2CC3
                                                                                                                                                                            • GetLastError.KERNEL32(?,006C3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 006C2CCB
                                                                                                                                                                            Strings
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 006C2CE4
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 006C2CDF
                                                                                                                                                                            • Controller, xrefs: 006C2B9E
                                                                                                                                                                            • Release, xrefs: 006C2BC2
                                                                                                                                                                            • Dispatcher, xrefs: 006C2B92
                                                                                                                                                                            • Failed to load library %s. Error 0x%08X, xrefs: 006C2CD5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                            • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                            • API String ID: 2058215185-435243658
                                                                                                                                                                            • Opcode ID: 4fab76ceeec52fe9835f2a138875680f9a9e796fd706a5e5a4beb88992b6dddb
                                                                                                                                                                            • Instruction ID: b40433913cfa7d835bee85fed757d825c9ea8a08c4b320a9e4186d47ebb9d901
                                                                                                                                                                            • Opcode Fuzzy Hash: 4fab76ceeec52fe9835f2a138875680f9a9e796fd706a5e5a4beb88992b6dddb
                                                                                                                                                                            • Instruction Fuzzy Hash: 3A417BB0A00319DFD7008FA9D954BAEBBF4FF08710F11816EE805AB291D7B89940CFA5
                                                                                                                                                                            Function 006DB4F0 Relevance: 22.2, Strings: 17, Instructions: 999COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
                                                                                                                                                                            • API String ID: 0-2110857069
                                                                                                                                                                            • Opcode ID: 264c86fcd1cbfeebf0a3ce1ae3ffb8b654833d565a603523933901729f005ee5
                                                                                                                                                                            • Instruction ID: 8e8f2a08277868ab1a61ff91e5e4115abedabaad39ae9ce4f3845841835795f1
                                                                                                                                                                            • Opcode Fuzzy Hash: 264c86fcd1cbfeebf0a3ce1ae3ffb8b654833d565a603523933901729f005ee5
                                                                                                                                                                            • Instruction Fuzzy Hash: E992A071D00229DBDB28CF14CC507E9BBB6AF49314F0542EAEA59A7381E7759E81CF90
                                                                                                                                                                            Function 0067A610 Relevance: 21.9, APIs: 3, Strings: 9, Instructions: 886COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067ABD1
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067ABD6
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067B256
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: (#w$)$/$8"w$@#w$X#w$YSTEM$p#w$"w
                                                                                                                                                                            • API String ID: 118556049-2481456763
                                                                                                                                                                            • Opcode ID: c87338811af1ebe88137f712debbdecebff37ee02330a5f28e96127c16844bf6
                                                                                                                                                                            • Instruction ID: b219306ba697e724c835933c848871bce61bb7b110502e5404fb491164daeb96
                                                                                                                                                                            • Opcode Fuzzy Hash: c87338811af1ebe88137f712debbdecebff37ee02330a5f28e96127c16844bf6
                                                                                                                                                                            • Instruction Fuzzy Hash: 8472F2B1D00254CFDB149F64C8157BE77B6FB48304F20866DE42EA7392EB399A85CB46
                                                                                                                                                                            Function 00672B00 Relevance: 21.9, APIs: 3, Strings: 9, Instructions: 886COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006730C1
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006730C6
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00673746
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: w$)$/$0w$8w$Hw$YSTEM$`w$xw
                                                                                                                                                                            • API String ID: 118556049-1710470579
                                                                                                                                                                            • Opcode ID: dd8fb1d67ada52b873206bdcb2076bdad505ff8f26f0208e47e4361e626da722
                                                                                                                                                                            • Instruction ID: 657beff15ffcc5bd77f9959f6849a3b88b1fcb5546a747e021d57f6e5a1b2d3c
                                                                                                                                                                            • Opcode Fuzzy Hash: dd8fb1d67ada52b873206bdcb2076bdad505ff8f26f0208e47e4361e626da722
                                                                                                                                                                            • Instruction Fuzzy Hash: C77205B1D00265CFEB64DF24C8557AE77B6EB08314F20826DE41EE7391EB35AA84CB45
                                                                                                                                                                            Function 00696220 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 428encryptionthreadCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?), ref: 00696268
                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00696274
                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 006963BF
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006963DF
                                                                                                                                                                            • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006963FC
                                                                                                                                                                            Strings
                                                                                                                                                                            • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 0069671E
                                                                                                                                                                            • al exception rule %x:%x res %s, xrefs: 0069632E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                            • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                            • API String ID: 3004248768-911235813
                                                                                                                                                                            • Opcode ID: 072dc0690ffccdb1b9e2047273086f34f102f4e87a321f5c4d22bac8a5a72b7c
                                                                                                                                                                            • Instruction ID: 912e3314e079dca417c9aa83277cdc9c76ddcd5bb89bb90b9aa09bb0a2a6f5a7
                                                                                                                                                                            • Opcode Fuzzy Hash: 072dc0690ffccdb1b9e2047273086f34f102f4e87a321f5c4d22bac8a5a72b7c
                                                                                                                                                                            • Instruction Fuzzy Hash: BBF12835B012289FDF259B14CC95BEDB7B6BF48711F144099EA0AA7390CB74AE41CF94
                                                                                                                                                                            Function 006967B0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 150encryptionthreadCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 006967F3
                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 006967FB
                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 0069687F
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0069689F
                                                                                                                                                                            • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 006968BC
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 006968DE
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 006968EF
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00696902
                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00696951
                                                                                                                                                                            • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00696980
                                                                                                                                                                            Strings
                                                                                                                                                                            • Freeing access handle %p, xrefs: 006967D0
                                                                                                                                                                            • al exception rule %x:%x res %s, xrefs: 00696824
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                            • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                            • API String ID: 581428007-3582322424
                                                                                                                                                                            • Opcode ID: 09d3a2f58c35f222c3d19294704f852648ef089aff49cb35a562a44001ffa794
                                                                                                                                                                            • Instruction ID: 0439a165b1fe30cdec9eb3727ed9abb8178224b398a11df4d70f37d502e94cf2
                                                                                                                                                                            • Opcode Fuzzy Hash: 09d3a2f58c35f222c3d19294704f852648ef089aff49cb35a562a44001ffa794
                                                                                                                                                                            • Instruction Fuzzy Hash: 90519271A00319ABEF248B60DD45FEA77BCAB04701F104195FA08E62D0DBB4EE84CF64
                                                                                                                                                                            Function 0067CF40 Relevance: 20.1, APIs: 3, Strings: 8, Instructions: 886COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067D501
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067D506
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0067DB86
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: +w$)$/$8+w$P+w$YSTEM$h+w$+w
                                                                                                                                                                            • API String ID: 118556049-4111665604
                                                                                                                                                                            • Opcode ID: 00cb1a36105f72f9f028a7b22d2162d961aab22c2c8a4c187594f48b70d759e5
                                                                                                                                                                            • Instruction ID: 4bfd953d2c5750187c93ac4c88a676768865ef68455c5e310979d9a0c9668841
                                                                                                                                                                            • Opcode Fuzzy Hash: 00cb1a36105f72f9f028a7b22d2162d961aab22c2c8a4c187594f48b70d759e5
                                                                                                                                                                            • Instruction Fuzzy Hash: 907204B1D00254CFDB14DF24C8157AE77B6EF08354F208A6DE42EA7392EB359A85CB45
                                                                                                                                                                            Function 006CA540 Relevance: 15.8, Strings: 12, Instructions: 846COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 006CA956
                                                                                                                                                                            • failed to parse date from value: %s, xrefs: 006CA63C
                                                                                                                                                                            • failed to parse date from name: %s, xrefs: 006CA5B2
                                                                                                                                                                            • invalid substitutor, xrefs: 006CA9F8
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 006CA9FF, 006CB07E
                                                                                                                                                                            • invalid stol argument, xrefs: 006CA987
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 006CA95B, 006CAA04, 006CB083
                                                                                                                                                                            • NEQ, xrefs: 006CA8CD
                                                                                                                                                                            • Unable to substitute the arguments, xrefs: 006CB077
                                                                                                                                                                            • stol argument out of range, xrefs: 006CA991
                                                                                                                                                                            • [DATE:TODAY], xrefs: 006CAA28
                                                                                                                                                                            • Unknown comparison operator: %s, xrefs: 006CA94F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Time$SystemVariant
                                                                                                                                                                            • String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
                                                                                                                                                                            • API String ID: 352189841-3100175478
                                                                                                                                                                            • Opcode ID: f38db9b8d59ff1904c3afa27bc0af027ff2ec748925afa094afdcb0d21375241
                                                                                                                                                                            • Instruction ID: ee903362444202b443942226f24990af2ee64c1df9cf981e53fd6a55c259a871
                                                                                                                                                                            • Opcode Fuzzy Hash: f38db9b8d59ff1904c3afa27bc0af027ff2ec748925afa094afdcb0d21375241
                                                                                                                                                                            • Instruction Fuzzy Hash: 6872AFB1D0021C9ACB65DFA4C855BEEB7B6FF15308F10429DE40ABB281EB346A85CF55
                                                                                                                                                                            Function 006D28A0 Relevance: 13.0, Strings: 10, Instructions: 464COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
                                                                                                                                                                            • API String ID: 0-494503603
                                                                                                                                                                            • Opcode ID: f51ba19f1805b01dfff2b4c90fb1dc57024b43cbb91b98ff2ee0c6b025b3479d
                                                                                                                                                                            • Instruction ID: 5628beee776fde1f11361166b4a037f92b39a4b0b54fa5f6925f2394fec06fcf
                                                                                                                                                                            • Opcode Fuzzy Hash: f51ba19f1805b01dfff2b4c90fb1dc57024b43cbb91b98ff2ee0c6b025b3479d
                                                                                                                                                                            • Instruction Fuzzy Hash: 7F0271B0E40209AFDB14DF90C966BEEB7B6AF18704F100159F50177381DBB9AE48CBA5
                                                                                                                                                                            Function 00675400 Relevance: 11.4, APIs: 3, Strings: 3, Instructions: 918COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006759C1
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006759C6
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00676066
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: )$/$YSTEM
                                                                                                                                                                            • API String ID: 118556049-314724184
                                                                                                                                                                            • Opcode ID: 0ba09dc19c7bcc041d78367dbf746495f1a542c7c7124196e157c8cd78173021
                                                                                                                                                                            • Instruction ID: 647458f7f5f1f15d0204f103dee027df5eb76fd5e02efc48eb46eb768b16bf18
                                                                                                                                                                            • Opcode Fuzzy Hash: 0ba09dc19c7bcc041d78367dbf746495f1a542c7c7124196e157c8cd78173021
                                                                                                                                                                            • Instruction Fuzzy Hash: D872F2B1E00658CFDB14CF28C8157AE77B6AB08354F6082ADE41FE7391EB759A84CB45
                                                                                                                                                                            Function 006CF150 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 342encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 006CF442
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 006CF488
                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 006CF4C6
                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 006CF527
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                            • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                            • API String ID: 738114118-146536318
                                                                                                                                                                            • Opcode ID: e60149e0edcc717ef0383c0442af887c14cbd9752a90300f0ff2c17f86f7a3a3
                                                                                                                                                                            • Instruction ID: 6c8d47e290734ebe05e6ab5198c125ac41931c1431c3b59c85396bd17ee81255
                                                                                                                                                                            • Opcode Fuzzy Hash: e60149e0edcc717ef0383c0442af887c14cbd9752a90300f0ff2c17f86f7a3a3
                                                                                                                                                                            • Instruction Fuzzy Hash: A9D15971D00219AFCB24DF64C885BEEBBB6EF49710F1441ADE919A7350DB35AA44CFA0
                                                                                                                                                                            Function 0071CFDB Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D0B
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D41
                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0071D0E7
                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 0071D130
                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 0071D13F
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0071D187
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0071D1A6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                            • String ID: (3u
                                                                                                                                                                            • API String ID: 949163717-488320713
                                                                                                                                                                            • Opcode ID: b3155a7f59cf61b4199a20ef9d596ffb102383eaac3d94f9b00cfcdec468fb6b
                                                                                                                                                                            • Instruction ID: e1d8e1d19715bae825c1491423e8a491794296db92f282e2479f339b6b4a76d7
                                                                                                                                                                            • Opcode Fuzzy Hash: b3155a7f59cf61b4199a20ef9d596ffb102383eaac3d94f9b00cfcdec468fb6b
                                                                                                                                                                            • Instruction Fuzzy Hash: 05517171900209ABEB20DFA8CC85AFA77B8BF09701F144569F911EB1D0E7789D85CF61
                                                                                                                                                                            Function 006D6D43 Relevance: 10.7, Strings: 8, Instructions: 655COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
                                                                                                                                                                            • API String ID: 0-4118445655
                                                                                                                                                                            • Opcode ID: 2db8022ebe747cdb2e3f1a0403f66756c1cf5710d0d031a9e2189940e289c71b
                                                                                                                                                                            • Instruction ID: 363418b61f88b8552da6cb8c8bbb3ba98a0e86c84d26bc03350fdf39f04cb485
                                                                                                                                                                            • Opcode Fuzzy Hash: 2db8022ebe747cdb2e3f1a0403f66756c1cf5710d0d031a9e2189940e289c71b
                                                                                                                                                                            • Instruction Fuzzy Hash: 59427075D083588FDF25CF64C8807EDBBB2AF1A304F28419AD949AB352E7349D86CB51
                                                                                                                                                                            Function 0071CE06 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,0071D124,00000002,00000000,?,?,?,0071D124,?,00000000), ref: 0071CE9F
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,0071D124,00000002,00000000,?,?,?,0071D124,?,00000000), ref: 0071CEC8
                                                                                                                                                                            • GetACP.KERNEL32(?,?,0071D124,?,00000000), ref: 0071CEDD
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                            • Opcode ID: dce1d242fe5526d743eb731750fdfa9ad7b10e2966c50ad1dfa6eae92747892c
                                                                                                                                                                            • Instruction ID: c523d7a80bc2c9fcdeb65a578c7a6c11f7fc8a8c3cbb099896878875dfe17648
                                                                                                                                                                            • Opcode Fuzzy Hash: dce1d242fe5526d743eb731750fdfa9ad7b10e2966c50ad1dfa6eae92747892c
                                                                                                                                                                            • Instruction Fuzzy Hash: 6621B832680105AAEB328BECC901BE773A6AB50F54B5A8564E906D71C4E736DEC9C390
                                                                                                                                                                            Function 006E0660 Relevance: 8.5, Strings: 6, Instructions: 986COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$qGm
                                                                                                                                                                            • API String ID: 0-924521485
                                                                                                                                                                            • Opcode ID: fbb2cd8ec2da6b59f41b0b785c2bc9b834f26a17a24365ebff2fab06fa2445cd
                                                                                                                                                                            • Instruction ID: ae8d4a527e297efd5d8a225f3be59b283e64d7df10696e52d83840a783c2edab
                                                                                                                                                                            • Opcode Fuzzy Hash: fbb2cd8ec2da6b59f41b0b785c2bc9b834f26a17a24365ebff2fab06fa2445cd
                                                                                                                                                                            • Instruction Fuzzy Hash: 21825871A023998BEB24CF1AC8907EDB7B2BB45314F1442EAD859AB381D7719EC5CF50
                                                                                                                                                                            Function 006BD2C0 Relevance: 8.0, Strings: 6, Instructions: 504COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
                                                                                                                                                                            • API String ID: 0-1758782166
                                                                                                                                                                            • Opcode ID: 82df8dfe7e3c27bc95ccee71908f41a575b7082c2f4cac7a131cd2f5f1a517dc
                                                                                                                                                                            • Instruction ID: 071244c06b01edae120835e42587a23020df51c684ccff97b4cf46565a518205
                                                                                                                                                                            • Opcode Fuzzy Hash: 82df8dfe7e3c27bc95ccee71908f41a575b7082c2f4cac7a131cd2f5f1a517dc
                                                                                                                                                                            • Instruction Fuzzy Hash: 6802B0B15042509FC728DF28C491BF5BBE6FF15304F2885ADE4898F392E7799985CB90
                                                                                                                                                                            Function 006D7602 Relevance: 6.2, Strings: 4, Instructions: 1247COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: #$($?$n
                                                                                                                                                                            • API String ID: 0-1429268647
                                                                                                                                                                            • Opcode ID: e12ca58f075d8664689ee7901d5f6f5f0a4ddfd998b488e3805e8c33f5e19e9c
                                                                                                                                                                            • Instruction ID: be8ced77647779043fb247964987b8ed66f2735e3802698d60a200e2afa3d3cb
                                                                                                                                                                            • Opcode Fuzzy Hash: e12ca58f075d8664689ee7901d5f6f5f0a4ddfd998b488e3805e8c33f5e19e9c
                                                                                                                                                                            • Instruction Fuzzy Hash: 35B26F74E04259CFCB25CFA8C8947ADFBB2BF59300F18829AD459AB346D730A946CF51
                                                                                                                                                                            Function 006F93F2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006F93FE
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 006F94CA
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006F94EA
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 006F94F4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                            • Opcode ID: dd5c717828d3ffac58b66f2638834628f490f5173a7a6e0edbd77e6acf6a8496
                                                                                                                                                                            • Instruction ID: 00f47581690d27b27d29eea53b1ee6069703e2ada16865756f0cb1eed3a68873
                                                                                                                                                                            • Opcode Fuzzy Hash: dd5c717828d3ffac58b66f2638834628f490f5173a7a6e0edbd77e6acf6a8496
                                                                                                                                                                            • Instruction Fuzzy Hash: BF312B75D0121C9BDB51DFA4D989BCDBBF8BF04304F1041AAE50DA7250EB745A858F15
                                                                                                                                                                            Function 006D83A0 Relevance: 5.5, Strings: 4, Instructions: 532COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: )$)$:$\b(?=\w)
                                                                                                                                                                            • API String ID: 0-1096454370
                                                                                                                                                                            • Opcode ID: f5e97b0b53d43554931be7340e2ebc91d19bbefca1ee2efa533a1b3ac4b51ec0
                                                                                                                                                                            • Instruction ID: 6aaab4fa596bfd581672be4116731eb8966b0ab972c2b50447154f884496c1f8
                                                                                                                                                                            • Opcode Fuzzy Hash: f5e97b0b53d43554931be7340e2ebc91d19bbefca1ee2efa533a1b3ac4b51ec0
                                                                                                                                                                            • Instruction Fuzzy Hash: 74325D74D04229CFDB25CF68C8847ADBBB2BF49314F14819AD85AAB351C7749D86CF60
                                                                                                                                                                            Function 0071CA80 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D0B
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D41
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071CAD4
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071CB1E
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071CBE4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3140898709-0
                                                                                                                                                                            • Opcode ID: 4979bf2a679198056dd2da3f083d691b7c1cf8d54c3339052e212b98ea1dc2c4
                                                                                                                                                                            • Instruction ID: 948cb9b23db05c373f45b548cca9c7d2028b31b74eed6964d3a6df4acbc5069e
                                                                                                                                                                            • Opcode Fuzzy Hash: 4979bf2a679198056dd2da3f083d691b7c1cf8d54c3339052e212b98ea1dc2c4
                                                                                                                                                                            • Instruction Fuzzy Hash: E86193715802079BEB2A9FA8CC82BFA77A8EF04340F14417AE905C61C5E738DDD1DBA4
                                                                                                                                                                            Function 006FD453 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,007780CC), ref: 006FD54B
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,007780CC), ref: 006FD555
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,007780CC), ref: 006FD562
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                            • Opcode ID: e60ee14710b9e3ddd847f96e381ba244e2baf556fdb0732fbbc8e5e23ea8de49
                                                                                                                                                                            • Instruction ID: f7836f66d18b034b2847f85777aef30fdeae892a9d49e21a610f976c032bf840
                                                                                                                                                                            • Opcode Fuzzy Hash: e60ee14710b9e3ddd847f96e381ba244e2baf556fdb0732fbbc8e5e23ea8de49
                                                                                                                                                                            • Instruction Fuzzy Hash: 4831D6B490121CABCB61DF68D8897DDBBB9BF18310F5042EAE50CA7250EB749F818F45
                                                                                                                                                                            Function 006A8EA0 Relevance: 3.6, APIs: 2, Instructions: 635COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A91DE
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A952E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                            • Opcode ID: aeec4c5e19ad6ab31d50909798c3ec59034f42feb50768408c936c82962df1a8
                                                                                                                                                                            • Instruction ID: b3ce3c515561aa58796b866188fae4ef23ba4e78bbe5a2a8d1e8a554763c0ecc
                                                                                                                                                                            • Opcode Fuzzy Hash: aeec4c5e19ad6ab31d50909798c3ec59034f42feb50768408c936c82962df1a8
                                                                                                                                                                            • Instruction Fuzzy Hash: 2922B072D10119AFCF14EFA8DC41AAEB7B6FF4A350F244229F815A7391DB349D018BA5
                                                                                                                                                                            Function 0070B340 Relevance: 3.4, APIs: 2, Instructions: 450COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                            • Instruction ID: bed1007646db41ab20780dfd419f78472b71d0db00426ffea0f212f3906cbb72
                                                                                                                                                                            • Opcode Fuzzy Hash: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                            • Instruction Fuzzy Hash: C4F11D71E01219DFDF14CFA8C8906ADB7F1EF88314F25826AD919A7385D735AA01CB90
                                                                                                                                                                            Function 007170B4 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00705A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 0071703D
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(?,?,00705A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 00717054
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4086329628-0
                                                                                                                                                                            • Opcode ID: d4bbb6efbf773c4073226e08534f64d7ef0305ba911cf5bc80e169efbc02fe6e
                                                                                                                                                                            • Instruction ID: 25a99b1c75519915dfa14f148ce6a5b89b726f3bd538dc397b029a582fe52a62
                                                                                                                                                                            • Opcode Fuzzy Hash: d4bbb6efbf773c4073226e08534f64d7ef0305ba911cf5bc80e169efbc02fe6e
                                                                                                                                                                            • Instruction Fuzzy Hash: 8C01F731148319B7DB246A689C09BFF376CDF09761F244400F908861C1DA2DD9C1D1B2
                                                                                                                                                                            Function 007114AF Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007114AA,?,?,00000008,?,?,00720D68,00000000), ref: 007116DC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                            • Opcode ID: f9697d32f98241ae647a2423f2f3271d525674bb65da505570a423a822be8c3f
                                                                                                                                                                            • Instruction ID: ff9a0265eb04c08d3bc04daea3ae1674d6945151a9e3e618472d88684c9bb5a8
                                                                                                                                                                            • Opcode Fuzzy Hash: f9697d32f98241ae647a2423f2f3271d525674bb65da505570a423a822be8c3f
                                                                                                                                                                            • Instruction Fuzzy Hash: 89B15A35210609CFD714CF2CC48AAA47BA1FF45364F698658E99ACF2E1C73AE991CB40
                                                                                                                                                                            Function 006F9215 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006F922B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                            • Opcode ID: 44f1397cf274e620109296e2bdede5bbed522b54e7a6ffdee0add8ab416eefc1
                                                                                                                                                                            • Instruction ID: eaca4333b12b1660987be9007b15d87af895715ac8dea87785d62ae17e507640
                                                                                                                                                                            • Opcode Fuzzy Hash: 44f1397cf274e620109296e2bdede5bbed522b54e7a6ffdee0add8ab416eefc1
                                                                                                                                                                            • Instruction Fuzzy Hash: 415192B29112099FEB18CF65E9C57AEB7F2FB44310F14856AD505EB390D3789D40CBA4
                                                                                                                                                                            Function 0071CCE0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D0B
                                                                                                                                                                              • Part of subcall function 00711CA9: _free.LIBCMT ref: 00711D41
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071CD34
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2003897158-0
                                                                                                                                                                            • Opcode ID: ad1b8da4bf0bb7ff11203645566a2e492bfa36696a615c446bca9120bbcc7308
                                                                                                                                                                            • Instruction ID: 05bf0457a814cb16eeca7de9f728b782f0413377e262152d4e92e95d180168a1
                                                                                                                                                                            • Opcode Fuzzy Hash: ad1b8da4bf0bb7ff11203645566a2e492bfa36696a615c446bca9120bbcc7308
                                                                                                                                                                            • Instruction Fuzzy Hash: 6121C832650206ABDF199A6DEC42AFA3BACEF44700B14007EFD06D61C1EB79DD808750
                                                                                                                                                                            Function 0071C952 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0071CA80,00000001,00000000,?,-00000050,?,0071D0BB,00000000,?,?,?,00000055,?), ref: 0071C9C4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                            • Opcode ID: 049d07a528d716ad84a563b675e50ea1cf660df8e10bb9764a3a96bffb0f282e
                                                                                                                                                                            • Instruction ID: 17dce08d6fc4a36d48c7565ce13a0006bdebec949da37684d604f8e6d4b1caa3
                                                                                                                                                                            • Opcode Fuzzy Hash: 049d07a528d716ad84a563b675e50ea1cf660df8e10bb9764a3a96bffb0f282e
                                                                                                                                                                            • Instruction Fuzzy Hash: 9A1129362003059FDB199F7DC8925FAB791FF84319B18842DE94787A80D379B982C740
                                                                                                                                                                            Function 0071CF0C Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0071CC9C,00000000,00000000,?), ref: 0071CF38
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                            • Opcode ID: e2990a53483608604279789f450a69f573961b61be88f5718404349b141d777c
                                                                                                                                                                            • Instruction ID: 29974e4c1e2b78f15771a9d12c8847dc3c62c0bd7b30fa97f420432062114d67
                                                                                                                                                                            • Opcode Fuzzy Hash: e2990a53483608604279789f450a69f573961b61be88f5718404349b141d777c
                                                                                                                                                                            • Instruction Fuzzy Hash: D9F0F933540215ABDB255BACC806BFA7B6DEB40B54F054424ED15A31C0EA78FE82C5D0
                                                                                                                                                                            Function 0071C9ED Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0071CCE0,00000001,?,?,-00000050,?,0071D07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0071CA37
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                            • Opcode ID: 2249fc1c95193f0346565d196c985a124c145e1bc10e9df3cea68d4047b6c817
                                                                                                                                                                            • Instruction ID: 4b4d465c01646d365f6ac3c0f058a24c11f306ae087084337ce21d70d80cbc4c
                                                                                                                                                                            • Opcode Fuzzy Hash: 2249fc1c95193f0346565d196c985a124c145e1bc10e9df3cea68d4047b6c817
                                                                                                                                                                            • Instruction Fuzzy Hash: 83F046362403085FDB169FBDDC81AFA7F94EF81368B08842DF9058B6C0D2799C81C690
                                                                                                                                                                            Function 0071C907 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0071C860,00000001,?,?,?,0071D0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0071C93E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                            • Opcode ID: 6f35cf18f84d4bbb1fa879c98c88576bfc86ffb70bca3c5f9eb90fa3b78ef47d
                                                                                                                                                                            • Instruction ID: 59ff07503be21a2c96c3c26e575effc4c56dbd2a138a0b50b020a7e02fb7b56e
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f35cf18f84d4bbb1fa879c98c88576bfc86ffb70bca3c5f9eb90fa3b78ef47d
                                                                                                                                                                            • Instruction Fuzzy Hash: ABF05C3634020457CB069FBDDC456A6BF54EFC1B20B064059FA058B1C0C2399982C790
                                                                                                                                                                            Function 007145DA Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00710C61,?,20001004,00000000,00000002,?,?,0071024C), ref: 0071460E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                            • Opcode ID: d4bc51d590b2ec41096a4637e0f9bdc1bafbc3175a09b9c0c9f5cdc9b9715c46
                                                                                                                                                                            • Instruction ID: d816d9e15bafcf22559a2c60d828023417fa549a8703a05548e4d001e3f09325
                                                                                                                                                                            • Opcode Fuzzy Hash: d4bc51d590b2ec41096a4637e0f9bdc1bafbc3175a09b9c0c9f5cdc9b9715c46
                                                                                                                                                                            • Instruction Fuzzy Hash: 9CE04F31500129BBDF122F65EC09FDE3E69EF45B62F014010FD15661A1CB7A89A1AAD8
                                                                                                                                                                            Function 006CE610 Relevance: 1.5, APIs: 1, Instructions: 6encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCrypt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1563465135-0
                                                                                                                                                                            • Opcode ID: c3c6ce87cfeafd24bb22e23198dbc4d142f72725fa4089dfff709ff107943fc3
                                                                                                                                                                            • Instruction ID: 18f06d4ee0a81a412942c0156ea473bf11fdd07fe210af3615e5e54491834cd4
                                                                                                                                                                            • Opcode Fuzzy Hash: c3c6ce87cfeafd24bb22e23198dbc4d142f72725fa4089dfff709ff107943fc3
                                                                                                                                                                            • Instruction Fuzzy Hash: 8BB01270611101479F408B77C90CD1132699A0034131400486104C1010D625C800C918
                                                                                                                                                                            Function 006F9586 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,006F8A95), ref: 006F958B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                            • Opcode ID: f4bc6acdfd5ca3c285dbd1c3af156c0427b21c367aaf1b87825da34f24fc8032
                                                                                                                                                                            • Instruction ID: cb37519e0fdd25910ccc48e536b708b7aae56d8e0c865ee505b84663cd36dfc1
                                                                                                                                                                            • Opcode Fuzzy Hash: f4bc6acdfd5ca3c285dbd1c3af156c0427b21c367aaf1b87825da34f24fc8032
                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                            Function 00700B4B Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 0
                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                            • Opcode ID: 8236f4719a63ebb3bd9501bf56a58060d32ad80a24403d88ed24cda110497df4
                                                                                                                                                                            • Instruction ID: 2f8b567747444a32d6f3051f9fd11f92b0a6796c25ebbf3b8883fe9336b8f888
                                                                                                                                                                            • Opcode Fuzzy Hash: 8236f4719a63ebb3bd9501bf56a58060d32ad80a24403d88ed24cda110497df4
                                                                                                                                                                            • Instruction Fuzzy Hash: 58618BB0700748DAEB389A688895BFF73E5AF42324F54072EE483DB6C1D66D9D4183E5
                                                                                                                                                                            Function 006D47C0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: :
                                                                                                                                                                            • API String ID: 0-336475711
                                                                                                                                                                            • Opcode ID: fedfe6059dffaeae18aef6a0f0af6f242407f544219daa4a5102c39f0bc1671a
                                                                                                                                                                            • Instruction ID: b2b97b1efa4f0b1824affeffaf7940bc7fe78c244626016cdce6616f4c32778d
                                                                                                                                                                            • Opcode Fuzzy Hash: fedfe6059dffaeae18aef6a0f0af6f242407f544219daa4a5102c39f0bc1671a
                                                                                                                                                                            • Instruction Fuzzy Hash: 7D41F9A6E01248AFEB018E5994A37DFBBA5DB72704F44409BD8401B383D9759B0BC7A2
                                                                                                                                                                            Function 0068463F Relevance: 1.3, APIs: 1, Instructions: 58memoryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006F88FA: EnterCriticalSection.KERNEL32(0077742C,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F8905
                                                                                                                                                                              • Part of subcall function 006F88FA: LeaveCriticalSection.KERNEL32(0077742C,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F8942
                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,?,006AC2E1,?,?,?,3536BAD2,?,00000000), ref: 00684676
                                                                                                                                                                              • Part of subcall function 006F88B0: EnterCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88BA
                                                                                                                                                                              • Part of subcall function 006F88B0: LeaveCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88ED
                                                                                                                                                                              • Part of subcall function 006F88B0: RtlWakeAllConditionVariable.NTDLL ref: 006F8964
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 325507722-0
                                                                                                                                                                            • Opcode ID: 569631c290d5c0ace53c98210431f842998f02c766f7521f4ea12e4ac4cefabd
                                                                                                                                                                            • Instruction ID: 33e2d8618e48bbee3790f76580778617f8511cb6b38ca705ec58757188d7069f
                                                                                                                                                                            • Opcode Fuzzy Hash: 569631c290d5c0ace53c98210431f842998f02c766f7521f4ea12e4ac4cefabd
                                                                                                                                                                            • Instruction Fuzzy Hash: DD117C71584605DED7D0AB28EC0E72637A1A7443B4F148129E61C8B2A1DF7C68C8CB2F
                                                                                                                                                                            Function 00714619 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            • GetSystemTimePreciseAsFileTime, xrefs: 00714629
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                            • API String ID: 0-595813830
                                                                                                                                                                            • Opcode ID: b06f61f018f8f8fad75fdc2fd535a2a1562d4de74fed53befc146eee7794a04c
                                                                                                                                                                            • Instruction ID: 6b8dc682735572766364d365a3810574f400365bcbbe766de07cfdb9c0340c27
                                                                                                                                                                            • Opcode Fuzzy Hash: b06f61f018f8f8fad75fdc2fd535a2a1562d4de74fed53befc146eee7794a04c
                                                                                                                                                                            • Instruction Fuzzy Hash: 1DE0C27268062473D22036946C06FEA7E14EB41BB2F044062FE04661C289AD585186D9
                                                                                                                                                                            Function 007268E0 Relevance: .7, Instructions: 711COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                            • Instruction ID: 376d7daca5838c92f07200c351ea84c3978355ed64f99302b4fe1e49387b4cd0
                                                                                                                                                                            • Opcode Fuzzy Hash: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                            • Instruction Fuzzy Hash: 8B325FB3F515145BDB0CCE5DCC927ECB3E3AF98214B0E813DA81AD7345EA78D9158A84
                                                                                                                                                                            Function 00718609 Relevance: .6, Instructions: 637COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3f99b025b5ddb88f534bb96811bed12318e89ae9b5944d4016450d03fd8d285d
                                                                                                                                                                            • Instruction ID: 6dbb8a0a79d7bc7c8d0b48859fa77c242e5f5870adfad43cabe707be4536555f
                                                                                                                                                                            • Opcode Fuzzy Hash: 3f99b025b5ddb88f534bb96811bed12318e89ae9b5944d4016450d03fd8d285d
                                                                                                                                                                            • Instruction Fuzzy Hash: 54320021E29F014DD7639638DC22366A258AFB73C6F15D727E81AB5AE6EF2DC4C34101
                                                                                                                                                                            Function 00700DB0 Relevance: .2, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 53483267b7d5c92e865e0fa42446a79e9b29aa2c347c0e9af58cebb73da0ef25
                                                                                                                                                                            • Instruction ID: ef1888b60ca9aaf321357639b363bbc068613cec15770846739ae1242d6974e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 53483267b7d5c92e865e0fa42446a79e9b29aa2c347c0e9af58cebb73da0ef25
                                                                                                                                                                            • Instruction Fuzzy Hash: B061497060030ADADB38AA28C8957BE73D5AB41720F940F2EE542EB2C1D76DAD4193C5
                                                                                                                                                                            Function 00700919 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                            • Instruction ID: 69150dd1d351453d8bb344cc3266c503da6d1b8e101e66c20465031656d9e252
                                                                                                                                                                            • Opcode Fuzzy Hash: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                            • Instruction Fuzzy Hash: 14515DB0710748D6EF388A2888997BE77DA9B02334F54871ED486E72C3D65DAE4483D2
                                                                                                                                                                            Function 0070933A Relevance: .2, Instructions: 159COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                            • Instruction ID: 5fa0611a245a823fe8aefe8396457cbef03e551e11b4f71118bb636974a42deb
                                                                                                                                                                            • Opcode Fuzzy Hash: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                            • Instruction Fuzzy Hash: B2517271E00119EFDF04CF99C981AEEBBB2EF89304F19815DE915AB282C7389E51DB50
                                                                                                                                                                            Function 00720AB2 Relevance: .1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 562fd6b3d125f018863d7cdcc97fa2dde1a4aa48da90bcc0f84d71f6f1083339
                                                                                                                                                                            • Instruction ID: 1590c6e40e0844b2eeefe3740954ccd1c4f2d6468151d6aa1d260e766ff9f452
                                                                                                                                                                            • Opcode Fuzzy Hash: 562fd6b3d125f018863d7cdcc97fa2dde1a4aa48da90bcc0f84d71f6f1083339
                                                                                                                                                                            • Instruction Fuzzy Hash: 0D21B373F204394B7B0CC47E8C572BDB6E1C68C641745823AE8A6EA2C1D96CD917E2E4
                                                                                                                                                                            Function 00720992 Relevance: .1, Instructions: 81COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 2d4fef3d7bdfc66dd87979f1b7496ff6d4448754afb485fd0c447a2ebcd646ce
                                                                                                                                                                            • Instruction ID: 13355b6e677b1c9c5ce844fb24db3763d3fa5db1be732c37d882583ccefab51d
                                                                                                                                                                            • Opcode Fuzzy Hash: 2d4fef3d7bdfc66dd87979f1b7496ff6d4448754afb485fd0c447a2ebcd646ce
                                                                                                                                                                            • Instruction Fuzzy Hash: FB117323F30C255B775C816D8C172BAA5D6EBD825070F533AD827EB284E9A4EE13D290
                                                                                                                                                                            Function 006FADD0 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                            • Instruction ID: c45e7cf9529fd00f5eaf3aea70a15d3614518cd06e125f17fedc64e9c37c55ee
                                                                                                                                                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                            • Instruction Fuzzy Hash: FE115BF720014A43D6148AADD4F45F7F397EBC632072C437AD34A4B754D122E951B902
                                                                                                                                                                            Function 006E6AB0 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 006E6AB6
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 006E6AC4
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 006E6AD5
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 006E6AE6
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 006E6AF7
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 006E6B08
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 006E6B19
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 006E6B2A
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 006E6B3B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 006E6B4C
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 006E6B5D
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 006E6B6E
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 006E6B7F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 006E6B90
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 006E6BA1
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 006E6BB2
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 006E6BC3
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 006E6BD4
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 006E6BE5
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 006E6BF6
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 006E6C07
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 006E6C18
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 006E6C29
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 006E6C3A
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 006E6C4B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 006E6C5C
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 006E6C6D
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 006E6C7E
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006E6C8F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006E6CA0
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 006E6CB1
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 006E6CC2
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 006E6CD3
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 006E6CE4
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 006E6CF5
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 006E6D06
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 006E6D17
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 006E6D28
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 006E6D39
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 006E6D4A
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 006E6D5B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                            • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                            • API String ID: 667068680-295688737
                                                                                                                                                                            • Opcode ID: 8be1735fd39b9a1b29b8531f666105cbdeedd319c048179ce64e9e55b270fc0d
                                                                                                                                                                            • Instruction ID: c9fdb4d26364baaf1954da95fb533c2791cea1088bf99075673e0420f6196b54
                                                                                                                                                                            • Opcode Fuzzy Hash: 8be1735fd39b9a1b29b8531f666105cbdeedd319c048179ce64e9e55b270fc0d
                                                                                                                                                                            • Instruction Fuzzy Hash: 4961C6B1996310AFE7086FB4AD4DA663EB8BA09762314C82AF155D71B1E7FC40C0CF58
                                                                                                                                                                            Function 006EE2B1 Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 449COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006EE2B8
                                                                                                                                                                            • ctype.LIBCPMT ref: 006EE2FF
                                                                                                                                                                              • Part of subcall function 00683055: __Getctype.LIBCPMT ref: 00683064
                                                                                                                                                                              • Part of subcall function 006E7FAF: __EH_prolog3.LIBCMT ref: 006E7FB6
                                                                                                                                                                              • Part of subcall function 006E7FAF: std::_Lockit::_Lockit.LIBCPMT ref: 006E7FC0
                                                                                                                                                                              • Part of subcall function 006E7FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 006E8031
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE30D
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE324
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE36B
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE39E
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE3F0
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE405
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE424
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE443
                                                                                                                                                                            • collate.LIBCPMT ref: 006EE44D
                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 006EE48F
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE4BA
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE4FB
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE510
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE559
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE58C
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE5E7
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE643
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE696
                                                                                                                                                                              • Part of subcall function 006E8203: __EH_prolog3.LIBCMT ref: 006E820A
                                                                                                                                                                              • Part of subcall function 006E8203: std::_Lockit::_Lockit.LIBCPMT ref: 006E8214
                                                                                                                                                                              • Part of subcall function 006E8203: std::_Lockit::~_Lockit.LIBCPMT ref: 006E8285
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE6B5
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE707
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE74C
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE761
                                                                                                                                                                              • Part of subcall function 006E87D5: __EH_prolog3.LIBCMT ref: 006E87DC
                                                                                                                                                                              • Part of subcall function 006E87D5: std::_Lockit::_Lockit.LIBCPMT ref: 006E87E6
                                                                                                                                                                              • Part of subcall function 006E87D5: std::_Lockit::~_Lockit.LIBCPMT ref: 006E8857
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE780
                                                                                                                                                                              • Part of subcall function 006E7C31: __EH_prolog3.LIBCMT ref: 006E7C38
                                                                                                                                                                              • Part of subcall function 006E7C31: std::_Lockit::_Lockit.LIBCPMT ref: 006E7C42
                                                                                                                                                                              • Part of subcall function 006E7C31: std::_Lockit::~_Lockit.LIBCPMT ref: 006E7CB3
                                                                                                                                                                            • codecvt.LIBCPMT ref: 006EE7B5
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE7BF
                                                                                                                                                                              • Part of subcall function 006E86AB: __EH_prolog3.LIBCMT ref: 006E86B2
                                                                                                                                                                              • Part of subcall function 006E86AB: std::_Lockit::_Lockit.LIBCPMT ref: 006E86BC
                                                                                                                                                                              • Part of subcall function 006E86AB: std::_Lockit::~_Lockit.LIBCPMT ref: 006E872D
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE677
                                                                                                                                                                              • Part of subcall function 006E5688: Concurrency::cancel_current_task.LIBCPMT ref: 006E5748
                                                                                                                                                                              • Part of subcall function 006E5688: __EH_prolog3.LIBCMT ref: 006E5755
                                                                                                                                                                              • Part of subcall function 006E5688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 006E5781
                                                                                                                                                                              • Part of subcall function 006E5688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 006E578C
                                                                                                                                                                              • Part of subcall function 006E8298: __EH_prolog3.LIBCMT ref: 006E829F
                                                                                                                                                                              • Part of subcall function 006E8298: std::_Lockit::_Lockit.LIBCPMT ref: 006E82A9
                                                                                                                                                                              • Part of subcall function 006E8298: std::_Lockit::~_Lockit.LIBCPMT ref: 006E831A
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE658
                                                                                                                                                                              • Part of subcall function 006E5688: __EH_prolog3.LIBCMT ref: 006E568F
                                                                                                                                                                              • Part of subcall function 006E5688: std::_Lockit::_Lockit.LIBCPMT ref: 006E5699
                                                                                                                                                                              • Part of subcall function 006E5688: std::_Lockit::~_Lockit.LIBCPMT ref: 006E573D
                                                                                                                                                                              • Part of subcall function 006E80D9: __EH_prolog3.LIBCMT ref: 006E80E0
                                                                                                                                                                              • Part of subcall function 006E80D9: std::_Lockit::_Lockit.LIBCPMT ref: 006E80EA
                                                                                                                                                                              • Part of subcall function 006E80D9: std::_Lockit::~_Lockit.LIBCPMT ref: 006E815B
                                                                                                                                                                            • numpunct.LIBCPMT ref: 006EE6F7
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE4A3
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006EE7D4
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
                                                                                                                                                                            • String ID: @sw$Dsw$Dsw$Hsw$Hsw$Lsw$Psw$Tsw$Xsw$Xsw$\sw$\sw$`sw$`sw$dsw$hsw$hsw
                                                                                                                                                                            • API String ID: 3784148211-2765508151
                                                                                                                                                                            • Opcode ID: 2407f38738e44e5fb8ff3d6454ecc41d9f601e1aababa6eee4b37fdc56686da3
                                                                                                                                                                            • Instruction ID: 4830a96e2b80f2bdc7a0996a6ce9afdb63315b37fc31d279180a228013baf24c
                                                                                                                                                                            • Opcode Fuzzy Hash: 2407f38738e44e5fb8ff3d6454ecc41d9f601e1aababa6eee4b37fdc56686da3
                                                                                                                                                                            • Instruction Fuzzy Hash: AFE1F670D02395AEDF647F628846ABF7EA6EF41354F14442CF8096B382EB364D0097E6
                                                                                                                                                                            Function 006D0780 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 250COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 006D08E0, 006D0A44
                                                                                                                                                                            • Failed to parse DeleteFile as a boolean - default to false, xrefs: 006D08D9
                                                                                                                                                                            • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 006D0A3D, 006D0A42
                                                                                                                                                                            • Unable to substitute DeleteFile attribute, xrefs: 006D08BC
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 006D095D, 006D09A2, 006D09D9, 006D0A14
                                                                                                                                                                            • Unable to create destination directory (%d), xrefs: 006D099B
                                                                                                                                                                            • Failed to extract cab (%s), xrefs: 006D09D2
                                                                                                                                                                            • Unable to verify signature for file: %s, xrefs: 006D0956
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 006D08E5, 006D0962, 006D09A7, 006D09DE, 006D0A19, 006D0A49
                                                                                                                                                                            • Source, xrefs: 006D07D1
                                                                                                                                                                            • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 006D0A31
                                                                                                                                                                            • invalid substitutor, xrefs: 006D07C5
                                                                                                                                                                            • DestDir, xrefs: 006D0813
                                                                                                                                                                            • DeleteFile, xrefs: 006D086B
                                                                                                                                                                            • Failed to delete src cab (%d), xrefs: 006D0A0D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                            • API String ID: 0-2605792675
                                                                                                                                                                            • Opcode ID: f65c1f48ea27f8a8380b05237b47d43ddef47c0bb354b24520b6ebc1f0e58e6a
                                                                                                                                                                            • Instruction ID: 61072d10dc0f38793917bf22c3d85812b1378b3ac74c7e20f8d9626bcb4c02e5
                                                                                                                                                                            • Opcode Fuzzy Hash: f65c1f48ea27f8a8380b05237b47d43ddef47c0bb354b24520b6ebc1f0e58e6a
                                                                                                                                                                            • Instruction Fuzzy Hash: DF91D0B1E40308ABEB10DF94D856BEEB7B6AF15700F04011EF5056B382EB79A945CBA5
                                                                                                                                                                            Function 0069A118 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 273COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0069DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069DF0C
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069A143
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069A1AA
                                                                                                                                                                              • Part of subcall function 0069E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E161
                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0069A1C1
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0069A1DD
                                                                                                                                                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 0069A24C
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0069A268
                                                                                                                                                                            • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 0069A410
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 0069A46F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                            • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                            • API String ID: 1380281556-3274429967
                                                                                                                                                                            • Opcode ID: 48fa3290811feb6b1674f432e1ec8025f2ff01ca4230f85a3f72dd4d2212ba80
                                                                                                                                                                            • Instruction ID: 402be8cb2db5a9b37af4f17299d887939fe45150b08d3ed60836af3843dc57cf
                                                                                                                                                                            • Opcode Fuzzy Hash: 48fa3290811feb6b1674f432e1ec8025f2ff01ca4230f85a3f72dd4d2212ba80
                                                                                                                                                                            • Instruction Fuzzy Hash: BDB1C270A003099BDF54EFA0C855BEDB7BABF40300F14426DE81967781EB756A49CB96
                                                                                                                                                                            Function 006D0FA0 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 141filelibraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,3536BAD2,000000FF,00000000,00000000,0072DF30,000000FF), ref: 006D0FE8
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 006D0FF8
                                                                                                                                                                            • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,3536BAD2,000000FF,00000000,00000000,0072DF30,000000FF), ref: 006D1037
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006D1058
                                                                                                                                                                            • GetFileSize.KERNEL32(?,?), ref: 006D1088
                                                                                                                                                                            • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 006D109C
                                                                                                                                                                            • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 006D10D9
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006D10F0
                                                                                                                                                                            Strings
                                                                                                                                                                            • CreateFileTransactedW, xrefs: 006D0FF2
                                                                                                                                                                            • Failed to map file to memory, xrefs: 006D1101
                                                                                                                                                                            • NWebAdvisor::CFileMemMap::Init, xrefs: 006D1066, 006D1108
                                                                                                                                                                            • Failed to open the file: %d, xrefs: 006D105F
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 006D106B, 006D110D
                                                                                                                                                                            • kernel32.dll, xrefs: 006D0FE3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                            • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                            • API String ID: 2423579280-2843467768
                                                                                                                                                                            • Opcode ID: b0874100e75de0dc10ee953a19c164b70d67abf6000b10c8540616448ff5c6bd
                                                                                                                                                                            • Instruction ID: fc998e31982a22db4f3b18b3b66514e727ac5985a9ea286f1cf19b895c61554a
                                                                                                                                                                            • Opcode Fuzzy Hash: b0874100e75de0dc10ee953a19c164b70d67abf6000b10c8540616448ff5c6bd
                                                                                                                                                                            • Instruction Fuzzy Hash: BB41A9B1B40305BBEB209F60DC46FAA77A5BB05B10F104619F615AB3C1DBF5A940CB98
                                                                                                                                                                            Function 0069E843 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 319COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069E8A8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                            • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`ato$`u
                                                                                                                                                                            • API String ID: 539357862-949231692
                                                                                                                                                                            • Opcode ID: 5bb4702a1aa2c1bd84d20f11205c49f742101b71f4379f6c74e48de436b2ed0b
                                                                                                                                                                            • Instruction ID: 6b991be56b6d86534138b74a71cf257b8638ca922ef082bca78fd7e454e756b9
                                                                                                                                                                            • Opcode Fuzzy Hash: 5bb4702a1aa2c1bd84d20f11205c49f742101b71f4379f6c74e48de436b2ed0b
                                                                                                                                                                            • Instruction Fuzzy Hash: FAD19D70A002198BDF64EB60CD45BEDB3BAAF45305F4045ECE50AA7681DB74AB88CF65
                                                                                                                                                                            Function 006D2FD0 Relevance: 22.9, APIs: 3, Strings: 10, Instructions: 177registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,3536BAD2), ref: 006D30F1
                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000008), ref: 006D317C
                                                                                                                                                                            Strings
                                                                                                                                                                            • Error (%d) deleting registry value (%s) in key: %s, xrefs: 006D319D
                                                                                                                                                                            • Invalid substitutor, xrefs: 006D3005
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 006D3108, 006D3163, 006D31A9, 006D31D1
                                                                                                                                                                            • Key, xrefs: 006D3013
                                                                                                                                                                            • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 006D3157
                                                                                                                                                                            • Error opening HKLM registry key: %d, xrefs: 006D30FC
                                                                                                                                                                            • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 006D31C5
                                                                                                                                                                            • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 006D31BC
                                                                                                                                                                            • Name, xrefs: 006D3055
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 006D3103, 006D315E, 006D31A4, 006D31CC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                            • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                            • API String ID: 47109696-1081640057
                                                                                                                                                                            • Opcode ID: 82f30ae53239b8037aecc491c4dcd32ae39e12fd5220b260018d7d541c29d20d
                                                                                                                                                                            • Instruction ID: 1dacb2bbe655c2bc622181729ea404eb431fefb3d5b9f021e960d39208033f09
                                                                                                                                                                            • Opcode Fuzzy Hash: 82f30ae53239b8037aecc491c4dcd32ae39e12fd5220b260018d7d541c29d20d
                                                                                                                                                                            • Instruction Fuzzy Hash: 8A51A0B0A41219ABDB10DF90DC46BEEB7BAEB05B04F500519F50177381DBB8AE44CBA6
                                                                                                                                                                            Function 006B8400 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 152COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,0076F278,00000023,00000001,00000004,00000000,00000000), ref: 006B8462
                                                                                                                                                                            • CreateDirectoryW.KERNEL32(0076F278,00000000,0076F278,00000104,\McAfee\), ref: 006B8491
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006B849D
                                                                                                                                                                            • CreateDirectoryW.KERNEL32(0076F278,00000000,0076F278,00000104,0076F070), ref: 006B84C5
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006B84CB
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00000104), ref: 006B84FC
                                                                                                                                                                            • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 006B8511
                                                                                                                                                                            • CreateDirectoryW.KERNEL32(0076F278,00000000,0076F278,00000104,00000000), ref: 006B852E
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006B8534
                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 006B85B9
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                            • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                            • API String ID: 922589859-3713371193
                                                                                                                                                                            • Opcode ID: 14a91eeda42d55f80e4e4e5dc9ecb0ededbe2c034d915935daacd71a61de5faf
                                                                                                                                                                            • Instruction ID: 0a51105d054504710be621190f681e559b5b60504ef16e05cf661d40e0be0345
                                                                                                                                                                            • Opcode Fuzzy Hash: 14a91eeda42d55f80e4e4e5dc9ecb0ededbe2c034d915935daacd71a61de5faf
                                                                                                                                                                            • Instruction Fuzzy Hash: 5051B5F5A80308AFEF209B64EC86FDD77A9AB14704F1045A4F909A72D1DAB49DC0CF95
                                                                                                                                                                            Function 0070CE60 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$Info
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2509303402-0
                                                                                                                                                                            • Opcode ID: 389049967ab306350057f70f1f127b6833443944da3548705898237056ebdf13
                                                                                                                                                                            • Instruction ID: 84ac15d396f89298b75041ff2e1c19c0b25f6ee2b564c7e3f16120e6f469b57b
                                                                                                                                                                            • Opcode Fuzzy Hash: 389049967ab306350057f70f1f127b6833443944da3548705898237056ebdf13
                                                                                                                                                                            • Instruction Fuzzy Hash: 3BD16E71900305DFDB21DFB8C885BEEBBF5BF48300F144269E899A7292DA79AD45CB50
                                                                                                                                                                            Function 006C0950 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 244fileCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006C0490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 006C04AA
                                                                                                                                                                              • Part of subcall function 006C0490: GetLastError.KERNEL32 ref: 006C04B8
                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 006C0BB5
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006C0BC2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                            • String ID: _k$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                            • API String ID: 1552088572-1654573983
                                                                                                                                                                            • Opcode ID: f41e4dabaf2731d2d353cee91982f3dd1ebad3992b09f8aa35ac79049bc71111
                                                                                                                                                                            • Instruction ID: 92a730350d2a502285cab17764a20345db579f8e7d55728464111dbbd2c00a2f
                                                                                                                                                                            • Opcode Fuzzy Hash: f41e4dabaf2731d2d353cee91982f3dd1ebad3992b09f8aa35ac79049bc71111
                                                                                                                                                                            • Instruction Fuzzy Hash: 79A18A71D00319DEEB00DFA4C845BEEBBB6EF18704F14421DE905B7281EBB46A85CBA5
                                                                                                                                                                            Function 006D3300 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 217registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006D3545
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Close
                                                                                                                                                                            • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                            • API String ID: 3535843008-3762851336
                                                                                                                                                                            • Opcode ID: 8eedefd1237d1a436de9cae315e1397d65a9343f2fad1ee795f0a308e35bae5d
                                                                                                                                                                            • Instruction ID: 1473a69826d0e072bb1e64dac8ce96f6eb9c5d42c2722319f56d0eb80f462e55
                                                                                                                                                                            • Opcode Fuzzy Hash: 8eedefd1237d1a436de9cae315e1397d65a9343f2fad1ee795f0a308e35bae5d
                                                                                                                                                                            • Instruction Fuzzy Hash: 5571E5B1E40224ABDF109F54D842BEDB7B6BF04B00F54451AE91577381DBB8EE40CBA6
                                                                                                                                                                            Function 0071B4F0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 200COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free
                                                                                                                                                                            • String ID: xxw$xxw$|xw
                                                                                                                                                                            • API String ID: 269201875-188651141
                                                                                                                                                                            • Opcode ID: 2d9210936557f61931fc7f2b6a0c58cd785805153961f82a7539c0a6cd2efde6
                                                                                                                                                                            • Instruction ID: fad4ad279d703d6763a4f362b2681ee4b2dcc95f5ecce8e7d58a8ae0845cfc32
                                                                                                                                                                            • Opcode Fuzzy Hash: 2d9210936557f61931fc7f2b6a0c58cd785805153961f82a7539c0a6cd2efde6
                                                                                                                                                                            • Instruction Fuzzy Hash: 9461A271900704EFDB20DF78D841BEAB7F9AF58710F204569E956AB2C2EB789D818B50
                                                                                                                                                                            Function 006F87E7 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 58libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0077742C,00000FA0,?,?,006F87C5), ref: 006F87F3
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,006F87C5), ref: 006F87FE
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,006F87C5), ref: 006F880F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006F8821
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006F882F
                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,006F87C5), ref: 006F8852
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(0077742C,00000007,?,?,006F87C5), ref: 006F8875
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,006F87C5), ref: 006F8885
                                                                                                                                                                            Strings
                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006F87F9
                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 006F881B
                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 006F8827
                                                                                                                                                                            • kernel32.dll, xrefs: 006F880A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                            • Opcode ID: 0dcf14412e2e9460df5de3ed51e4a88c05c468a80be904b775c1ed9be627a6c5
                                                                                                                                                                            • Instruction ID: 7f405d9a30afe6429932511b467c75bb50b208d9d2066902993413fda2c7c2f6
                                                                                                                                                                            • Opcode Fuzzy Hash: 0dcf14412e2e9460df5de3ed51e4a88c05c468a80be904b775c1ed9be627a6c5
                                                                                                                                                                            • Instruction Fuzzy Hash: D4018871A447156FE7241B74AC09B663E5DBB80B92B148474FA19D32D0DFBCC840C669
                                                                                                                                                                            Function 0071B0D0 Relevance: 18.4, APIs: 12, Instructions: 374COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                            • Opcode ID: 2f72172ddfafa23d1da2bea2410a5c69f7cede33412caa34d0c07d9112422afa
                                                                                                                                                                            • Instruction ID: 7059303339a8b597940cc3c00423580a64c4641337098ec41dc7c36bb16fde20
                                                                                                                                                                            • Opcode Fuzzy Hash: 2f72172ddfafa23d1da2bea2410a5c69f7cede33412caa34d0c07d9112422afa
                                                                                                                                                                            • Instruction Fuzzy Hash: D4C10176940604EFDB60DBACDC86FEE77F8AB08700F244165FE05EB2C2D67499819791
                                                                                                                                                                            Function 006B91A0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 150COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,0075A536,00000003), ref: 006B91C9
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006B91DE
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 006B91EE
                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 006B91FD
                                                                                                                                                                            Strings
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 006B9284, 006B933B
                                                                                                                                                                            • Failed to retrieve kernel verison, xrefs: 006B932C
                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 006B927F, 006B9336
                                                                                                                                                                            • %d.%d.%d.%d, xrefs: 006B925E
                                                                                                                                                                            • kernel32.dll, xrefs: 006B91B8
                                                                                                                                                                            • Failed to format version, xrefs: 006B9275
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                            • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                            • API String ID: 3968257194-3470154288
                                                                                                                                                                            • Opcode ID: b94948067873a48283082aa4f8e2841a8e79a1d886082aa018942d53791681c7
                                                                                                                                                                            • Instruction ID: 857c7696e570bccc6428f224ca3ed67e87376aaa7a963a5146e2ae57e87a1df6
                                                                                                                                                                            • Opcode Fuzzy Hash: b94948067873a48283082aa4f8e2841a8e79a1d886082aa018942d53791681c7
                                                                                                                                                                            • Instruction Fuzzy Hash: 2351FBB0A003149BDF24AF24DC45BEB77F5EF04704F10459CE90A9B2C2D7B5AA81CBA4
                                                                                                                                                                            Function 006FC338 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 006FC435
                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 006FC457
                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 006FC566
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 006FC638
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 006FC6BC
                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 006FC6D7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                                                            • Opcode ID: 57ffbe72f90c972c9e746367526523393d2486ddbe3772cb9b2481cd6be9025b
                                                                                                                                                                            • Instruction ID: bf4566e8695ba671d88b6d7333d64a7ad69ae7a4c40af68506b340c7628b6b47
                                                                                                                                                                            • Opcode Fuzzy Hash: 57ffbe72f90c972c9e746367526523393d2486ddbe3772cb9b2481cd6be9025b
                                                                                                                                                                            • Instruction Fuzzy Hash: 38B15A7180020DEFCF15DFA4CA819BEBBB6BF14320B144159EA15AB312D731DA61CF95
                                                                                                                                                                            Function 006969A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • DeviceIoControl.KERNEL32(3536BAD2,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 006969E9
                                                                                                                                                                            • CloseHandle.KERNEL32(3536BAD2,?,?,00000000), ref: 006969FB
                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00696A2A
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00696A3D
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00696A8B
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00696A9E
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00696AB8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                            • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                            • API String ID: 2321898493-1077453148
                                                                                                                                                                            • Opcode ID: fb595baf2e57216819c1ac928a202150c51c00759fa0efa7978395cc42f9c39b
                                                                                                                                                                            • Instruction ID: df993eb0644695b7292763de88733cfb5929bfa3d5be40a5dcdba12509397412
                                                                                                                                                                            • Opcode Fuzzy Hash: fb595baf2e57216819c1ac928a202150c51c00759fa0efa7978395cc42f9c39b
                                                                                                                                                                            • Instruction Fuzzy Hash: A63193713003059BEB249F24DC89FAA77AAAF44B11F148619F915EB7D0DBB4EC04CAA5
                                                                                                                                                                            Function 006D4280 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 133COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 006D4388
                                                                                                                                                                            • Unable to set proxy option, error: %d, xrefs: 006D43CE
                                                                                                                                                                            • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 006D431E
                                                                                                                                                                            • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 006D4381
                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::Connect, xrefs: 006D43D8
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 006D432A, 006D438D, 006D43DD
                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 006D4325
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                            • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                            • API String ID: 1452528299-2881327693
                                                                                                                                                                            • Opcode ID: 1692b39f3802c5e69bddeca9f5f60aa0f3f73cd28c310d21c106ce9b5e0e50b1
                                                                                                                                                                            • Instruction ID: 86541504e88fc586f4ff01fd48401315914013848ac92af882b98467408617b3
                                                                                                                                                                            • Opcode Fuzzy Hash: 1692b39f3802c5e69bddeca9f5f60aa0f3f73cd28c310d21c106ce9b5e0e50b1
                                                                                                                                                                            • Instruction Fuzzy Hash: DD414EB1E40309AFEB10DFA9CC45BEEB7F9EF18704F00811AE914A6280DBB59D54CB65
                                                                                                                                                                            Function 006FE00A Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __aulldvrm
                                                                                                                                                                            • String ID: :$f$f$f$p$p$p
                                                                                                                                                                            • API String ID: 1302938615-1434680307
                                                                                                                                                                            • Opcode ID: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                            • Instruction ID: cef84b2879547a037ce645987f42da4cae3d11a7ec99f162b51e64bb4146cac4
                                                                                                                                                                            • Opcode Fuzzy Hash: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                            • Instruction Fuzzy Hash: CB029375A0021DDADF208FA8D4486FDBFB7FB04B14F64419AD614BB2A0D7725E88CB16
                                                                                                                                                                            Function 006F6940 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F6947
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::_Lockit.LIBCPMT ref: 006AC995
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::_Lockit.LIBCPMT ref: 006AC9B7
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::~_Lockit.LIBCPMT ref: 006AC9D7
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::~_Lockit.LIBCPMT ref: 006ACAB1
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                            • API String ID: 1383202999-2891247106
                                                                                                                                                                            • Opcode ID: 22bb0e4bc61485dec9279686eceeaf18e82c972fd6c366fb4f13249277e89588
                                                                                                                                                                            • Instruction ID: 049f77e3a7fc12799d511be284a08b3255d045db8d69f9a61f4bc51b029369dc
                                                                                                                                                                            • Opcode Fuzzy Hash: 22bb0e4bc61485dec9279686eceeaf18e82c972fd6c366fb4f13249277e89588
                                                                                                                                                                            • Instruction Fuzzy Hash: B4B18B7250010EABDF19DF68C966DFE7BBBEF19304F044119FB82A6291D631CA21DB20
                                                                                                                                                                            Function 006D0C80 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 244fileCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,3536BAD2,00000000), ref: 006D0E20
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006D0E2E
                                                                                                                                                                              • Part of subcall function 006D0FA0: GetModuleHandleW.KERNEL32(kernel32.dll,3536BAD2,000000FF,00000000,00000000,0072DF30,000000FF), ref: 006D0FE8
                                                                                                                                                                              • Part of subcall function 006D0FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 006D0FF8
                                                                                                                                                                              • Part of subcall function 006D0FA0: GetLastError.KERNEL32 ref: 006D1058
                                                                                                                                                                              • Part of subcall function 006B8650: std::locale::_Init.LIBCPMT ref: 006B882F
                                                                                                                                                                            Strings
                                                                                                                                                                            • Failed to load cab %s, xrefs: 006D0F05
                                                                                                                                                                            • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 006D0F0C
                                                                                                                                                                            • NWebAdvisor::CCabParser::GetContentFile, xrefs: 006D0D9B, 006D0E3C
                                                                                                                                                                            • Unable to create destination directory (%d), xrefs: 006D0D94
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 006D0DA0, 006D0E41, 006D0F11
                                                                                                                                                                            • CreateFile failed: %d, xrefs: 006D0E35
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                            • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                            • API String ID: 1808632809-3418505487
                                                                                                                                                                            • Opcode ID: a9000707f4d3b9384a092658fa23982ec880942345866281267462b8c996043f
                                                                                                                                                                            • Instruction ID: a2a36db476b6da3931e4aeae6fc145d68d3cf799d911971058817fd6f8199c18
                                                                                                                                                                            • Opcode Fuzzy Hash: a9000707f4d3b9384a092658fa23982ec880942345866281267462b8c996043f
                                                                                                                                                                            • Instruction Fuzzy Hash: 6F9191B1E00208EFDB14DFA4D896BEEB7B9EF04704F20812EF515A7281D775AA05CB64
                                                                                                                                                                            Function 0071F5F9 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 404479bec49aa1fdd794d7992d261e1bbc513a6197fba4e3da1970096c75874d
                                                                                                                                                                            • Instruction ID: 226b94cf4e69851114f947cd1448aa27deee64ddde5cacb90ac5b6f393e14a2e
                                                                                                                                                                            • Opcode Fuzzy Hash: 404479bec49aa1fdd794d7992d261e1bbc513a6197fba4e3da1970096c75874d
                                                                                                                                                                            • Instruction Fuzzy Hash: D2C1E2B0A04249AFDB15DFACC881BFDBBB1AF49300F148169E5159B3D2C739AD81CB64
                                                                                                                                                                            Function 006CC600 Relevance: 13.7, APIs: 9, Instructions: 240COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 006CC641
                                                                                                                                                                              • Part of subcall function 006E3084: __EH_prolog3.LIBCMT ref: 006E308B
                                                                                                                                                                              • Part of subcall function 006E3084: std::_Lockit::_Lockit.LIBCPMT ref: 006E3096
                                                                                                                                                                              • Part of subcall function 006E3084: std::locale::_Setgloballocale.LIBCPMT ref: 006E30B1
                                                                                                                                                                              • Part of subcall function 006E3084: std::_Lockit::~_Lockit.LIBCPMT ref: 006E3107
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006CC6CB
                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006CC713
                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 006CC748
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006CC7DD
                                                                                                                                                                              • Part of subcall function 006FE960: _free.LIBCMT ref: 006FE973
                                                                                                                                                                            • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 006CC807
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006CC82B
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006CC84C
                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 006CC85B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$std::locale::_$Lockit::_Lockit::~_$Locimp::_Locinfo::_$AddfacH_prolog3InitLocimpLocimp_Locinfo_ctorLocinfo_dtorNew_Setgloballocale_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3142054045-0
                                                                                                                                                                            • Opcode ID: 892bfcae5da2a1ddfc2fd9815a51382cac9db199ae26edb04230f2ae75831a61
                                                                                                                                                                            • Instruction ID: 46bc524c1eeb82452d0cab2b2330840e5470b3b2f81700654337995ff6508f00
                                                                                                                                                                            • Opcode Fuzzy Hash: 892bfcae5da2a1ddfc2fd9815a51382cac9db199ae26edb04230f2ae75831a61
                                                                                                                                                                            • Instruction Fuzzy Hash: 6BA19BB0D017499FEB10DFA5C845BAEBBF5EF04304F14412DE809A7391EBB9AA44CB95
                                                                                                                                                                            Function 006CE760 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 191encryptionCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 006CE877
                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000014), ref: 006CE8A9
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CertCertificateContextProperty
                                                                                                                                                                            • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4
                                                                                                                                                                            • API String ID: 665277682-3196566809
                                                                                                                                                                            • Opcode ID: e1fe325ae4c696148cf9b450ea5a070cc7abbca279b2143e1f137ec374ecffe1
                                                                                                                                                                            • Instruction ID: 5221cbe0a29a3c9b1ce18b5af1bcfce2fb460e8b82be340d2a066c2fec3e7c29
                                                                                                                                                                            • Opcode Fuzzy Hash: e1fe325ae4c696148cf9b450ea5a070cc7abbca279b2143e1f137ec374ecffe1
                                                                                                                                                                            • Instruction Fuzzy Hash: 9451E475A012059BCB609F64D891FFAB7B7EF11320F0842ADD95A9B3A2D732ED10C790
                                                                                                                                                                            Function 006AE2C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 168COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: z
                                                                                                                                                                            • API String ID: 0-1657960367
                                                                                                                                                                            • Opcode ID: f0509bb6d01162e980877877dbf80bf3cef30bb85cbfabed44c506fed48f6173
                                                                                                                                                                            • Instruction ID: 48c895a6ab6bf204afc79cb890afc19a8961805158c3163cff461abf08eb9fc5
                                                                                                                                                                            • Opcode Fuzzy Hash: f0509bb6d01162e980877877dbf80bf3cef30bb85cbfabed44c506fed48f6173
                                                                                                                                                                            • Instruction Fuzzy Hash: 215151B1A00219ABEB10EB94DC44FEEB7BDFB49324F104169E905A3281E7759E45CFA4
                                                                                                                                                                            Function 00697107 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 163COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697D3D
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00697DC8
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00697DFC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697EBB
                                                                                                                                                                              • Part of subcall function 006A4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A521E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                            • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                            • API String ID: 342047005-375236208
                                                                                                                                                                            • Opcode ID: bb7fab591d6f200e252b05abc41b19630d0c5a7ff36015ceddc79c54ba8503f6
                                                                                                                                                                            • Instruction ID: 03431d145c1b5deda316f2d9f7d3f851c3eb6e2e20104cdd620fca12f4359e31
                                                                                                                                                                            • Opcode Fuzzy Hash: bb7fab591d6f200e252b05abc41b19630d0c5a7ff36015ceddc79c54ba8503f6
                                                                                                                                                                            • Instruction Fuzzy Hash: C351E271914248CFDF54EF60D855BEE77BAFF05300F5042ADE8069B281EB74AA09CB65
                                                                                                                                                                            Function 0069A6B6 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 135COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,3536BAD2,?,?), ref: 0069A531
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069A73D
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069A7AC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069A989
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                            • String ID: Event string is empty$Unexpected return value: $`u
                                                                                                                                                                            • API String ID: 1703231451-2649995208
                                                                                                                                                                            • Opcode ID: d88869a6198768adf55d02f6bd70f8e53b7b7298c6b29ab60fadc8cfad465d66
                                                                                                                                                                            • Instruction ID: c3c69ad572fbdbb4884fcdf165f5b211de48335b6e5901c107e6205d9122cffa
                                                                                                                                                                            • Opcode Fuzzy Hash: d88869a6198768adf55d02f6bd70f8e53b7b7298c6b29ab60fadc8cfad465d66
                                                                                                                                                                            • Instruction Fuzzy Hash: 7051F5709002089BDF58EFE4CC89BEDB7BBAF40314F14429CE4155B6D2CB745A85CBA6
                                                                                                                                                                            Function 006E8203 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E820A
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8214
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006E824E
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E8265
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E8285
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8292
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID: `sw
                                                                                                                                                                            • API String ID: 3376033448-2112216216
                                                                                                                                                                            • Opcode ID: 5f188e69d020ac265bf847d267e392343fa549812d120e107f1b164d028345df
                                                                                                                                                                            • Instruction ID: 19b16473a2b43abfc80a56deaad95c26b0b694b487dfda5ce868005927169608
                                                                                                                                                                            • Opcode Fuzzy Hash: 5f188e69d020ac265bf847d267e392343fa549812d120e107f1b164d028345df
                                                                                                                                                                            • Instruction Fuzzy Hash: 7301C0319012A99FCB44EBA5C855ABD7763BF80710F24450DFA14AB391DF749F01CB98
                                                                                                                                                                            Function 006E8298 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E829F
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E82A9
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006E82E3
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E82FA
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E831A
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8327
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID: \sw
                                                                                                                                                                            • API String ID: 3376033448-1351925868
                                                                                                                                                                            • Opcode ID: 263b0fa2dee452a2539c6d9a135ce790b68ae35d94748e5d89d10442cb916ad1
                                                                                                                                                                            • Instruction ID: df7383ca9334543afdf67f9f2e610a52ed5c27cd0dc247f9e15e0fd414bea3ac
                                                                                                                                                                            • Opcode Fuzzy Hash: 263b0fa2dee452a2539c6d9a135ce790b68ae35d94748e5d89d10442cb916ad1
                                                                                                                                                                            • Instruction Fuzzy Hash: 7E01A1319012A99FCB04EBA5C845ABEB7A3AF40710F14410DE5186B3D1DF349E05CB98
                                                                                                                                                                            Function 006E832D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E8334
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E833E
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006E8378
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E838F
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E83AF
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E83BC
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID: 8sw
                                                                                                                                                                            • API String ID: 3376033448-524985232
                                                                                                                                                                            • Opcode ID: f931ae48c939a0f92ae8ae3f7fe3bf35463ef916feb5f300a0cd3434cba68802
                                                                                                                                                                            • Instruction ID: e50746e0eddcec2e47628e03ee567595a53074c0a790252fa6eb8c905550fb58
                                                                                                                                                                            • Opcode Fuzzy Hash: f931ae48c939a0f92ae8ae3f7fe3bf35463ef916feb5f300a0cd3434cba68802
                                                                                                                                                                            • Instruction Fuzzy Hash: 1C01C0359012A99FCB04FBA5C805ABE7BA3AF80710F24415CE8146B3D1DF749E01DB98
                                                                                                                                                                            Function 006E83C2 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E83C9
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E83D3
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006E840D
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E8424
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E8444
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8451
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID: 4sw
                                                                                                                                                                            • API String ID: 3376033448-374364916
                                                                                                                                                                            • Opcode ID: d4af9bd6df06a7f21b5324c7ee0fcaa572deb6af92b36ee871b2fc5e74c653b0
                                                                                                                                                                            • Instruction ID: 7811121b3ea94d853ea88d2fab8e0bc532e2b49b6a817f2628639c18347c661a
                                                                                                                                                                            • Opcode Fuzzy Hash: d4af9bd6df06a7f21b5324c7ee0fcaa572deb6af92b36ee871b2fc5e74c653b0
                                                                                                                                                                            • Instruction Fuzzy Hash: 6A0100318012AA9FCB08EB65C805ABE77A3BF80310F20011CF9156B3C1DF349E01CB99
                                                                                                                                                                            Function 006E8616 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E861D
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8627
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • numpunct.LIBCPMT ref: 006E8661
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E8678
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E8698
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E86A5
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                            • String ID: Hsw
                                                                                                                                                                            • API String ID: 3064348918-1270598592
                                                                                                                                                                            • Opcode ID: 412ecdec27d4c96bd59d4db65e432b0353d3cdc7a5dd85f43952284a453d8071
                                                                                                                                                                            • Instruction ID: a77ed5f4420bf7cbf2428df648f7b5e4c4ed29f9a9dcc72acd4ee394ea2fcffe
                                                                                                                                                                            • Opcode Fuzzy Hash: 412ecdec27d4c96bd59d4db65e432b0353d3cdc7a5dd85f43952284a453d8071
                                                                                                                                                                            • Instruction Fuzzy Hash: 9501C0719013A99FCB04EBA5C859ABDB763AF80718F24451CE9186B3C1DF349E41CB98
                                                                                                                                                                            Function 0071A764 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                                                            • Opcode ID: 2e86a90c08d4465976de58fb3200f5b09000f439d1488fe3aff4acd08ee15f1e
                                                                                                                                                                            • Instruction ID: c2521bb84d0a1a4b6bfd93383d8c55564c48dfed2d4d473823ed938f9654982b
                                                                                                                                                                            • Opcode Fuzzy Hash: 2e86a90c08d4465976de58fb3200f5b09000f439d1488fe3aff4acd08ee15f1e
                                                                                                                                                                            • Instruction Fuzzy Hash: BC5117B0905305FFDB21AFBC8C46AED77A8AF01350F11816AE515972C2EB3D99C1CB56
                                                                                                                                                                            Function 006A8690 Relevance: 12.2, APIs: 8, Instructions: 172COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006F987E: EnterCriticalSection.KERNEL32(007777A0,?,00000101,?,006A86A7,00000000,?,00000101,?,00000000,?,?,006AC338,-00000010), ref: 006F9889
                                                                                                                                                                              • Part of subcall function 006F987E: LeaveCriticalSection.KERNEL32(007777A0,?,006A86A7,00000000,?,00000101,?,00000000,?,?,006AC338,-00000010,?,?,?,3536BAD2), ref: 006F98B5
                                                                                                                                                                            • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006A86D6
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 006A86E4
                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 006A86EF
                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 006A86FD
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,00000006), ref: 006A8764
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 006A8776
                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 006A8785
                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 006A8797
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 506522749-0
                                                                                                                                                                            • Opcode ID: f186c352b728de1a0e8ef68d5ba0f87792dc2569326d47980c73ea6e8e5066fa
                                                                                                                                                                            • Instruction ID: 13235455fe2b4b51cd4f1a6b51c892895ae0f3e007d0a1d28360c87da5b7d8b3
                                                                                                                                                                            • Opcode Fuzzy Hash: f186c352b728de1a0e8ef68d5ba0f87792dc2569326d47980c73ea6e8e5066fa
                                                                                                                                                                            • Instruction Fuzzy Hash: 63410231A002119FD724BF289884ABFB3EAEF95341F10496DFD5697341FE38DC058AA5
                                                                                                                                                                            Function 0071087D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00711CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00714E01), ref: 00711CAE
                                                                                                                                                                              • Part of subcall function 00711CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00711D4C
                                                                                                                                                                            • _free.LIBCMT ref: 00710B8A
                                                                                                                                                                            • _free.LIBCMT ref: 00710BA3
                                                                                                                                                                            • _free.LIBCMT ref: 00710BE1
                                                                                                                                                                            • _free.LIBCMT ref: 00710BEA
                                                                                                                                                                            • _free.LIBCMT ref: 00710BF6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorLast
                                                                                                                                                                            • String ID: C
                                                                                                                                                                            • API String ID: 3291180501-1037565863
                                                                                                                                                                            • Opcode ID: 4ac1097147f79ed2f877d2b7de80ed754ccd4b06b6a28e38c0edc2da9985493d
                                                                                                                                                                            • Instruction ID: 33b7b0c6594227323b1953b0f38f76bd9555ca12bbffeddbe269049866f85717
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ac1097147f79ed2f877d2b7de80ed754ccd4b06b6a28e38c0edc2da9985493d
                                                                                                                                                                            • Instruction Fuzzy Hash: 8AB11975901219DBDB24DF18C898AE9B3B4FF18304F5085EAE909A7391D775AED0CF80
                                                                                                                                                                            Function 006A1230 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • InitOnceBeginInitialize.KERNEL32(0077823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,3536BAD2,?,?), ref: 006A125A
                                                                                                                                                                            • InitOnceComplete.KERNEL32(0077823C,00000000,00000000), ref: 006A1278
                                                                                                                                                                            Strings
                                                                                                                                                                            • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 006A12EC, 006A13D7
                                                                                                                                                                            • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 006A12F3, 006A13DE
                                                                                                                                                                            • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 006A13E3
                                                                                                                                                                            • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 006A12F8
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                            • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                            • API String ID: 51270584-3897904871
                                                                                                                                                                            • Opcode ID: d52e9318340fa0c41c1b9dca52857c5fa6b2f50a2c9f4f94866ac238a92ddcb1
                                                                                                                                                                            • Instruction ID: 9b8687a5f9e7646dbb3bc73b996ee583635da4588a7116d1fdddb0c70583bd9e
                                                                                                                                                                            • Opcode Fuzzy Hash: d52e9318340fa0c41c1b9dca52857c5fa6b2f50a2c9f4f94866ac238a92ddcb1
                                                                                                                                                                            • Instruction Fuzzy Hash: C451CE717003069BDB04EF28DC42BAFB7A6BF9A701F04452DF9099B281DA71ED048B96
                                                                                                                                                                            Function 006A52D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 173COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                            • API String ID: 0-1483847951
                                                                                                                                                                            • Opcode ID: 73422c2bb6737dae1d1a68153396efede14247c9056424e2b83d876c0565bf78
                                                                                                                                                                            • Instruction ID: 5867d740a13c91794dce83d6672eb4ce316b6eecf43999dffe131196f8902118
                                                                                                                                                                            • Opcode Fuzzy Hash: 73422c2bb6737dae1d1a68153396efede14247c9056424e2b83d876c0565bf78
                                                                                                                                                                            • Instruction Fuzzy Hash: 8F816970A04388CBEB14DFA8C5487DDBBB2BF45314F24825DD425AB392D7B84A44CF55
                                                                                                                                                                            Function 006AC960 Relevance: 10.6, APIs: 7, Instructions: 116COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006AC995
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006AC9B7
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006AC9D7
                                                                                                                                                                            • __Getctype.LIBCPMT ref: 006ACA70
                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 006ACA82
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006ACA8F
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006ACAB1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3947131827-0
                                                                                                                                                                            • Opcode ID: 9d183771f915a459903da8a90a073051754094ac7f923f722b74a997b7d031aa
                                                                                                                                                                            • Instruction ID: ab2cb891b94c8fdc55e950f757e84ca669ef58f3fa59a2b3c5f5ee780d94d1b9
                                                                                                                                                                            • Opcode Fuzzy Hash: 9d183771f915a459903da8a90a073051754094ac7f923f722b74a997b7d031aa
                                                                                                                                                                            • Instruction Fuzzy Hash: BE41E071900258DFCB11EF58D841ABEB7B6FF45320F10816DE81AAB391EB34AE45CB85
                                                                                                                                                                            Function 0069A550 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,3536BAD2,?,?), ref: 0069A531
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069A58B
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069A989
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069A99D
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unexpected return value: , xrefs: 0069A8CC
                                                                                                                                                                            • Thread signalled when event queue is empty, xrefs: 0069A614
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                            • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                            • API String ID: 3324347728-3645029203
                                                                                                                                                                            • Opcode ID: 9ab569282b35912bd5aa080400a9904d040a8454af2585618482fa75b5528a85
                                                                                                                                                                            • Instruction ID: 6d0360cf5c40f923481320c7e990bfe552bd5b275d4307eb365fc583800ec319
                                                                                                                                                                            • Opcode Fuzzy Hash: 9ab569282b35912bd5aa080400a9904d040a8454af2585618482fa75b5528a85
                                                                                                                                                                            • Instruction Fuzzy Hash: D641CFB0D002589ADF54EBE0CC497EDB7BAAF10314F1042ACE4056B2C1DB746A8ACB96
                                                                                                                                                                            Function 0071416A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 0-537541572
                                                                                                                                                                            • Opcode ID: a4d610f6963131f9c77d7b040404f2c30f61ceb5895a7f753f0bf112803a5026
                                                                                                                                                                            • Instruction ID: 5f6277fa2ba7e80b24c677af9c0bc83b468dad5d35927f289119f80d2e22c63c
                                                                                                                                                                            • Opcode Fuzzy Hash: a4d610f6963131f9c77d7b040404f2c30f61ceb5895a7f753f0bf112803a5026
                                                                                                                                                                            • Instruction Fuzzy Hash: 3921E471A41225FBDB318B6C9C44ADE37A8BB11B61F214160FD16AB2D1D778ECC1D5E0
                                                                                                                                                                            Function 006E8044 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E804B
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8055
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E80A6
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E80C6
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E80D3
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: ,sw
                                                                                                                                                                            • API String ID: 55977855-73771068
                                                                                                                                                                            • Opcode ID: afb5330e6ccadaabc25fd13f2921f2b0187dc864a115c17ca50de045c5c86130
                                                                                                                                                                            • Instruction ID: a29c8edd582a1d7cb2b7f71399eac4cd8f50c027df05a89cffaa2e24f2cec101
                                                                                                                                                                            • Opcode Fuzzy Hash: afb5330e6ccadaabc25fd13f2921f2b0187dc864a115c17ca50de045c5c86130
                                                                                                                                                                            • Instruction Fuzzy Hash: 9301C0319013A99FCB05EB65D855ABEB763AF80710F24011CE4146B3D1DF749E45CB98
                                                                                                                                                                            Function 006E80D9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E80E0
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E80EA
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E813B
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E815B
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8168
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: Xsw
                                                                                                                                                                            • API String ID: 55977855-1469933744
                                                                                                                                                                            • Opcode ID: 67dac16773ce3e309b44cc5b0da042f92f5b103a0a7fbc98ffe5f83fa9ef4c29
                                                                                                                                                                            • Instruction ID: ece8e74a09ee797aa53b50a82d3d01adeb5e44954a43021b66339975b8a99a1b
                                                                                                                                                                            • Opcode Fuzzy Hash: 67dac16773ce3e309b44cc5b0da042f92f5b103a0a7fbc98ffe5f83fa9ef4c29
                                                                                                                                                                            • Instruction Fuzzy Hash: 3201C0319013AA9FCB05EB65D856AFE7B63AF80710F24051DF5146B381DF349E45CB98
                                                                                                                                                                            Function 006E816E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E8175
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E817F
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E81D0
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E81F0
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E81FD
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: 0sw
                                                                                                                                                                            • API String ID: 55977855-291107368
                                                                                                                                                                            • Opcode ID: c67797690c3b50e0d0b47ac1d662d1f11a8381281684b58455c572f3ce28e8d8
                                                                                                                                                                            • Instruction ID: 80ad61098bcac443a535a7f558bc7b119bccfbe9209032952d4b167fdbc96289
                                                                                                                                                                            • Opcode Fuzzy Hash: c67797690c3b50e0d0b47ac1d662d1f11a8381281684b58455c572f3ce28e8d8
                                                                                                                                                                            • Instruction Fuzzy Hash: 9B01C0319012AA9FCB05EB65C845AFDB7B7BF84720F24410DE818AB391DF349E01CB98
                                                                                                                                                                            Function 006E8457 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E845E
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8468
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E84B9
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E84D9
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E84E6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: @sw
                                                                                                                                                                            • API String ID: 55977855-1168677496
                                                                                                                                                                            • Opcode ID: 84a3a12ec4dbb8e9effff788ced3b73c240b9481d60419698c6b240952fe1923
                                                                                                                                                                            • Instruction ID: 82f7a31cecf1d28d1c2768b093cb16400a4b8a40f65ba49ab56ff2c043a3db10
                                                                                                                                                                            • Opcode Fuzzy Hash: 84a3a12ec4dbb8e9effff788ced3b73c240b9481d60419698c6b240952fe1923
                                                                                                                                                                            • Instruction Fuzzy Hash: 6F01AD319012AA9FCB05EB65C855ABE77A3BF80710F24450CF5186B3C1DF349A01CB98
                                                                                                                                                                            Function 006E84EC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E84F3
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E84FD
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E854E
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E856E
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E857B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: sw
                                                                                                                                                                            • API String ID: 55977855-226447704
                                                                                                                                                                            • Opcode ID: 7e158f745b593600e5aa1c795578657f6bd1af6b748b86bbdc4808baccb905cb
                                                                                                                                                                            • Instruction ID: 33826085f4152fd2f3e227d0cf05afc1c73d85807d6b2b8572efe5894d8b6926
                                                                                                                                                                            • Opcode Fuzzy Hash: 7e158f745b593600e5aa1c795578657f6bd1af6b748b86bbdc4808baccb905cb
                                                                                                                                                                            • Instruction Fuzzy Hash: 740100318013A99FCB44EB65C805ABEB7A3BF80310F24810CE818AB3D1DF349E01CB89
                                                                                                                                                                            Function 006E8581 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E8588
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8592
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E85E3
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E8603
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8610
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: Dsw
                                                                                                                                                                            • API String ID: 55977855-1117860516
                                                                                                                                                                            • Opcode ID: ba779f85af0bef323a2537ed11547a4d0c9eeecd6b4dbf373f67801a672aacbd
                                                                                                                                                                            • Instruction ID: 0628900112e7bf9b5a8f271d55421501e897a6addfbb2590398ba7aedd665b07
                                                                                                                                                                            • Opcode Fuzzy Hash: ba779f85af0bef323a2537ed11547a4d0c9eeecd6b4dbf373f67801a672aacbd
                                                                                                                                                                            • Instruction Fuzzy Hash: 6601C0319012A99FCF44EBA5C845ABEB7A3BF80710F24054DE5186B381DF349E01CB99
                                                                                                                                                                            Function 006E86AB Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E86B2
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E86BC
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E870D
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E872D
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E873A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: dsw
                                                                                                                                                                            • API String ID: 55977855-2062316612
                                                                                                                                                                            • Opcode ID: 933d761082226ebd177b12f67f8cb5a0f87a4fed9c349d155eefbbbc2754b9bc
                                                                                                                                                                            • Instruction ID: 5a6fe5362dffdfaa251af0b724202e7c579c4fe5e86567a043514bd2a6ce591e
                                                                                                                                                                            • Opcode Fuzzy Hash: 933d761082226ebd177b12f67f8cb5a0f87a4fed9c349d155eefbbbc2754b9bc
                                                                                                                                                                            • Instruction Fuzzy Hash: B201C0359012A99FCB05FB65C855ABDB7B3BF80710F24414CE914AB391DF389E01CB98
                                                                                                                                                                            Function 006E8740 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E8747
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E8751
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E87A2
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E87C2
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E87CF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: <sw
                                                                                                                                                                            • API String ID: 55977855-407046988
                                                                                                                                                                            • Opcode ID: f5009b796be045d7eb16cbbecdba14dcc9ba9e4a922e8c63878bb4bf8877cb3b
                                                                                                                                                                            • Instruction ID: 4ad613eead0c52626793bbc1e18bb5edbaa04982ab2eb6f078b9ef8cdf2904e5
                                                                                                                                                                            • Opcode Fuzzy Hash: f5009b796be045d7eb16cbbecdba14dcc9ba9e4a922e8c63878bb4bf8877cb3b
                                                                                                                                                                            • Instruction Fuzzy Hash: 1E01AD359012A9AFCF04FB65C845AAE7763AF84B10F24011CE8186B3C1DF749E40CB98
                                                                                                                                                                            Function 006E87D5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E87DC
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E87E6
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E8837
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E8857
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E8864
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID: hsw
                                                                                                                                                                            • API String ID: 55977855-1945537824
                                                                                                                                                                            • Opcode ID: 34f344bc3142114385cb5388919d836a9a38c241f1ca5e2ccbe0ac1ac7216a67
                                                                                                                                                                            • Instruction ID: 13e9231ee8bc9c7983da1bada42fa8f5f18759d144fa8043d794d0da3ef6c778
                                                                                                                                                                            • Opcode Fuzzy Hash: 34f344bc3142114385cb5388919d836a9a38c241f1ca5e2ccbe0ac1ac7216a67
                                                                                                                                                                            • Instruction Fuzzy Hash: F0010C318013A99FCB44EBA5C805ABEB7A3BF80710F20411CE914AB391DF349E04CB98
                                                                                                                                                                            Function 006F88B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88BA
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0077742C,?,?,00694086,0077827C,007368E0,?), ref: 006F88ED
                                                                                                                                                                            • RtlWakeAllConditionVariable.NTDLL ref: 006F8964
                                                                                                                                                                            • SetEvent.KERNEL32(?,00694086,0077827C,007368E0,?), ref: 006F896E
                                                                                                                                                                            • ResetEvent.KERNEL32(?,00694086,0077827C,007368E0,?), ref: 006F897A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                            • String ID: ,tw
                                                                                                                                                                            • API String ID: 3916383385-1260666619
                                                                                                                                                                            • Opcode ID: 4ce47bbfd212bd9e07044a974dd970e3b5ee139978fd566f27aeba638134c602
                                                                                                                                                                            • Instruction ID: 13523f037f7a6a1ce1ad35dcc5c25df40f9227d0739a69cfd856e6ebeeebb3f6
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ce47bbfd212bd9e07044a974dd970e3b5ee139978fd566f27aeba638134c602
                                                                                                                                                                            • Instruction Fuzzy Hash: 190146716082A4DFCB08AF28FC489A97BA9EB0D752700C06AE906D3360CB785841CB98
                                                                                                                                                                            Function 006F809D Relevance: 9.2, APIs: 6, Instructions: 224COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCPInfo.KERNEL32(?,?), ref: 006F8128
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006F81B6
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006F8228
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006F8242
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006F82A5
                                                                                                                                                                            • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 006F82C2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2984826149-0
                                                                                                                                                                            • Opcode ID: 5e47be8034ef1a472cc58bdf1340e03a86dc24fd7d67ce34e36a587c2c265d8c
                                                                                                                                                                            • Instruction ID: 5b7c0e15dc58e6dafd6444fda06d2656721cf956f5ef852177abef19d4de731b
                                                                                                                                                                            • Opcode Fuzzy Hash: 5e47be8034ef1a472cc58bdf1340e03a86dc24fd7d67ce34e36a587c2c265d8c
                                                                                                                                                                            • Instruction Fuzzy Hash: BC71923290060E9EEF218FA4CC45AFF7BB7AF45310F244199EA05A7250DF35DA05CBA4
                                                                                                                                                                            Function 006E68B8 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 006E6901
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 006E696C
                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006E6989
                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006E69C8
                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006E6A27
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 006E6A4A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiStringWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2829165498-0
                                                                                                                                                                            • Opcode ID: 83a35e42efc28b40de8604d7e9846ce8d59a69fba19625922877705394227ac9
                                                                                                                                                                            • Instruction ID: 5af3d610a6e0a6f204fc313260c0b4d1fe9345a5cc1f621387c5e3ac583b6184
                                                                                                                                                                            • Opcode Fuzzy Hash: 83a35e42efc28b40de8604d7e9846ce8d59a69fba19625922877705394227ac9
                                                                                                                                                                            • Instruction Fuzzy Hash: DF51C37290134AAFEF209F59CC45FEF7BAAEB60790F148429F914A6290E774DD10CB60
                                                                                                                                                                            Function 0068E790 Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 0068E7D7
                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 0068E811
                                                                                                                                                                            • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 0068E86D
                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0068E8C7
                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0068E8DC
                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0068E917
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2792426717-0
                                                                                                                                                                            • Opcode ID: 12a2454ae2abdb474fee41deadb67e18e856ae54bf7ec39eabb5c5f1f91c6fcf
                                                                                                                                                                            • Instruction ID: e370287164f73c41e7920d4ee96a4aeaddac6fe6b21991839e00d29677c71983
                                                                                                                                                                            • Opcode Fuzzy Hash: 12a2454ae2abdb474fee41deadb67e18e856ae54bf7ec39eabb5c5f1f91c6fcf
                                                                                                                                                                            • Instruction Fuzzy Hash: E1415EB1A01218ABEF10DFA4DD49BDEB7B9EF04705F204229F901A72D0D7799A04CB65
                                                                                                                                                                            Function 00688D10 Relevance: 9.1, APIs: 6, Instructions: 128COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00688D46
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00688D66
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00688D86
                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00688E57
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00688E64
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00688E86
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2966223926-0
                                                                                                                                                                            • Opcode ID: db1f85935a9b76920d0e741bd76921cd336c63ae417915d38083ad371d4ba550
                                                                                                                                                                            • Instruction ID: b2d0a9154cc7c4b81f063e4bd0bd66c642de345cf8430c14ce5f45a5c40e6e5f
                                                                                                                                                                            • Opcode Fuzzy Hash: db1f85935a9b76920d0e741bd76921cd336c63ae417915d38083ad371d4ba550
                                                                                                                                                                            • Instruction Fuzzy Hash: 0641EC71900215CFCB50EF55C884BAEBBB2FF50300F644269E40AAB392DF74AE05CB81
                                                                                                                                                                            Function 00703207 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 375COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __freea
                                                                                                                                                                            • String ID: 3Ap$a/p$am/pm
                                                                                                                                                                            • API String ID: 240046367-4290620254
                                                                                                                                                                            • Opcode ID: 5484c78d0cdbebf5bced10ed47f605351e2bef58423b6492a2ff49435b4e3e23
                                                                                                                                                                            • Instruction ID: 3ecaf85745d5837af932034d789c3b57bf27137afa55f0a355cc026886dcdd5b
                                                                                                                                                                            • Opcode Fuzzy Hash: 5484c78d0cdbebf5bced10ed47f605351e2bef58423b6492a2ff49435b4e3e23
                                                                                                                                                                            • Instruction Fuzzy Hash: FCC1D035900206DBDB248F68C899ABABBF9FF05700F254249E501AF3E1D77A9F41CB61
                                                                                                                                                                            Function 00693400 Relevance: 9.1, APIs: 6, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00693435
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00693457
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00693477
                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0069353A
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00693547
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00693569
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2966223926-0
                                                                                                                                                                            • Opcode ID: 3f5b5f35dc29119cbaffd864f96ddcd0ad80415c96a16ed6fbf1ef5ea2def5a5
                                                                                                                                                                            • Instruction ID: 54ace6e84e0665711c42e4b8a8d73a4faa0156c179542ac22641372fed4a6707
                                                                                                                                                                            • Opcode Fuzzy Hash: 3f5b5f35dc29119cbaffd864f96ddcd0ad80415c96a16ed6fbf1ef5ea2def5a5
                                                                                                                                                                            • Instruction Fuzzy Hash: 3741DF719006659FCB01DF58C840AAEB7FAFF44B00F15816DD809AB752DB34EA45CB81
                                                                                                                                                                            Function 006832DE Relevance: 9.1, APIs: 6, Instructions: 70COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 006832E5
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006832F2
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00683340
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00683360
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0068336D
                                                                                                                                                                            • __Towlower.LIBCPMT ref: 00683388
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2111902878-0
                                                                                                                                                                            • Opcode ID: 520c64cba35cd3bbec6be60d1e78caaf5ce068a1ef0a92bc92487e3f45286450
                                                                                                                                                                            • Instruction ID: 318f22e29d7ff45a07a7977876cb36cd202ccbeadbdecfd8140a6b31f0391e2d
                                                                                                                                                                            • Opcode Fuzzy Hash: 520c64cba35cd3bbec6be60d1e78caaf5ce068a1ef0a92bc92487e3f45286450
                                                                                                                                                                            • Instruction Fuzzy Hash: 661125329012699FCB44FB64D445ABEB7A6AF84B10F24021DF60567392DF349F41C799
                                                                                                                                                                            Function 006E435B Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E4362
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E436C
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • codecvt.LIBCPMT ref: 006E43A6
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E43BD
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E43DD
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E43EA
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                            • Opcode ID: f95de638b7d431552f78b25bdfc884b7d05e6e309deedd0d803b2e9cbbd2fcfd
                                                                                                                                                                            • Instruction ID: d9f952019138c505e5d2fc9f93c6f68e899e3186a17c57f374d69716f9a32608
                                                                                                                                                                            • Opcode Fuzzy Hash: f95de638b7d431552f78b25bdfc884b7d05e6e309deedd0d803b2e9cbbd2fcfd
                                                                                                                                                                            • Instruction Fuzzy Hash: AA01C03590126A9BCB04FB66C855ABD77A3BF90710F24411CE5146B3C1DF749E01CB88
                                                                                                                                                                            Function 006F4475 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F447C
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F4486
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • collate.LIBCPMT ref: 006F44C0
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F44D7
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F44F7
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F4504
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1767075461-0
                                                                                                                                                                            • Opcode ID: ab4ab5daf385836a3349858d5012d359c60ade7f5cc4b12fb4c19d9b66f46f2f
                                                                                                                                                                            • Instruction ID: 4f83776a577e7cf78a418dfe1aa0065320c23bc7bf2c7e5b3404cf3942c5a0d5
                                                                                                                                                                            • Opcode Fuzzy Hash: ab4ab5daf385836a3349858d5012d359c60ade7f5cc4b12fb4c19d9b66f46f2f
                                                                                                                                                                            • Instruction Fuzzy Hash: 3901C4359002699BCB04FB64C855ABE77A3BF80750F24450DF5106B3D2DF749E41CB88
                                                                                                                                                                            Function 006F450A Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F4511
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F451B
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • messages.LIBCPMT ref: 006F4555
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F456C
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F458C
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F4599
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 958335874-0
                                                                                                                                                                            • Opcode ID: 4931bdac4be1a74047470fe4c31e2820bfd5d719e40d9462a2059b30e8757b63
                                                                                                                                                                            • Instruction ID: 2ab041327172fbef87651a37bba3fb5b28f8d21d27cebe4c9f69befce9764b1d
                                                                                                                                                                            • Opcode Fuzzy Hash: 4931bdac4be1a74047470fe4c31e2820bfd5d719e40d9462a2059b30e8757b63
                                                                                                                                                                            • Instruction Fuzzy Hash: 5801C07590026A9BCB04FBA4C855ABE77A7BF84710F24054DF6106B3D1DF749E00CB88
                                                                                                                                                                            Function 006F46C9 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F46D0
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F46DA
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006F4714
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F472B
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F474B
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F4758
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                            • Opcode ID: 09582f7a25b42ea793cc561435bfee1ab74cd2f495abcaf42313ae03c6f90edd
                                                                                                                                                                            • Instruction ID: e118975cd39aadb8e7ef062066e1731b5502fda7504087b08851190709550874
                                                                                                                                                                            • Opcode Fuzzy Hash: 09582f7a25b42ea793cc561435bfee1ab74cd2f495abcaf42313ae03c6f90edd
                                                                                                                                                                            • Instruction Fuzzy Hash: 0A01C43590126D9BCB04FB64C845ABEB7A7BF80750F25014CE6246B391DF749E01CB84
                                                                                                                                                                            Function 006F475E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F4765
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F476F
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • moneypunct.LIBCPMT ref: 006F47A9
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F47C0
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F47E0
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F47ED
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                            • Opcode ID: 0bc2210b6f04ba53bd97b96a5ff403cb882caccbbb41e8d38886e9c1cfc4ffc4
                                                                                                                                                                            • Instruction ID: 7bab320fde3217b75ed633036e72975d539f8d2fd6455237a1601a893e6037dc
                                                                                                                                                                            • Opcode Fuzzy Hash: 0bc2210b6f04ba53bd97b96a5ff403cb882caccbbb41e8d38886e9c1cfc4ffc4
                                                                                                                                                                            • Instruction Fuzzy Hash: 2D01C03591426A9BCB04FB64C855ABE7773BF80714F24010CF6106B791DF749E00CB88
                                                                                                                                                                            Function 006AC410 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006AC546
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006AC54B
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006AC550
                                                                                                                                                                              • Part of subcall function 006FE960: _free.LIBCMT ref: 006FE973
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                            • API String ID: 149343396-2658103896
                                                                                                                                                                            • Opcode ID: 624059b9519f2101e7d5cd3d8615b611c4d23ab08de0e29fedf19d86b5a8fceb
                                                                                                                                                                            • Instruction ID: 718023e0485e16470f1e9ea144732a73ef96378c72c9ec14b6459d77e5518550
                                                                                                                                                                            • Opcode Fuzzy Hash: 624059b9519f2101e7d5cd3d8615b611c4d23ab08de0e29fedf19d86b5a8fceb
                                                                                                                                                                            • Instruction Fuzzy Hash: D64137769003449FCB20EF64D841BAA7BF6EF06310F18856DF8069B352D776A905CBA1
                                                                                                                                                                            Function 006FD1B7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,006FD278,?,?,007777FC,00000000,?,006FD3A3,00000004,InitializeCriticalSectionEx,0075013C,00750144,00000000), ref: 006FD247
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                            • Opcode ID: 4c70c12ed9bfb4cb696135e04b23879cc5f094f9e2d35c8eed39fba743282062
                                                                                                                                                                            • Instruction ID: f362d9103481ed83832e31a441cd204068a4bffa387c00b3591ea9374a429f20
                                                                                                                                                                            • Opcode Fuzzy Hash: 4c70c12ed9bfb4cb696135e04b23879cc5f094f9e2d35c8eed39fba743282062
                                                                                                                                                                            • Instruction Fuzzy Hash: 0711C631A41229ABEB229B689C45BAD37A7AF01761F254250FF45EB3C0D774FE00C6D5
                                                                                                                                                                            Function 006AE150 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registrylibraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 006AE172
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006AE182
                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 006AE1C2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                            • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                            • API String ID: 588496660-2191092095
                                                                                                                                                                            • Opcode ID: 3523c3e502e42e96ae6939eeb16f3d1e9ec59389b079a5f69d30b259ee890ace
                                                                                                                                                                            • Instruction ID: b658f25d31e57bbec3a05d0a19df42f3fdc3c7bba512d8e0319fed86f4bde675
                                                                                                                                                                            • Opcode Fuzzy Hash: 3523c3e502e42e96ae6939eeb16f3d1e9ec59389b079a5f69d30b259ee890ace
                                                                                                                                                                            • Instruction Fuzzy Hash: 4A0179752447149AE3215755FC04B927BA6F791752F04C036E108822A0C7F79CC5DF34
                                                                                                                                                                            Function 006D11F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 39fileCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 006D1210
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006D121A
                                                                                                                                                                            Strings
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 006D122D
                                                                                                                                                                            • WriteFile failed: %d, xrefs: 006D1221
                                                                                                                                                                            • NWebAdvisor::CCabParser::Write, xrefs: 006D1228
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                            • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                            • API String ID: 442123175-2264278858
                                                                                                                                                                            • Opcode ID: b913351a6e466833c4eb1910d07f78635def965ea76e77e09ca70b8ffeecaee3
                                                                                                                                                                            • Instruction ID: 7c6f2f61b58308638165b8d21de0e6fe1328e035ec6b11e40866c81f57cea0ce
                                                                                                                                                                            • Opcode Fuzzy Hash: b913351a6e466833c4eb1910d07f78635def965ea76e77e09ca70b8ffeecaee3
                                                                                                                                                                            • Instruction Fuzzy Hash: A9F0F47174020CBFDB40EFA4DC02FBEB7A4EB18B04F40405CFA059B191DA719A14D755
                                                                                                                                                                            Function 006B08A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32), ref: 006B08A9
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006B08C0
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 006B08D7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                                                            • API String ID: 4190356694-3789238822
                                                                                                                                                                            • Opcode ID: 47c1249073520e813f8aa0f339719b34547974035be3e54d8f5ab148a429ca0f
                                                                                                                                                                            • Instruction ID: 9001307ad49840902b2c5a168b81245ba3206d751f09403064e28e7ac0634e8b
                                                                                                                                                                            • Opcode Fuzzy Hash: 47c1249073520e813f8aa0f339719b34547974035be3e54d8f5ab148a429ca0f
                                                                                                                                                                            • Instruction Fuzzy Hash: 93F027B2D0131CABEE149BA06D09BEB7B9CDB01713B0045D5EC0893240E6B5CF4493D0
                                                                                                                                                                            Function 0070E940 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0070E935,?,?,0070E8FD,00000002,00000002,?), ref: 0070E955
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0070E968
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,0070E935,?,?,0070E8FD,00000002,00000002,?), ref: 0070E98B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: c1c4d420182f917c390a1029a01017ac6cf99d646fce07a1c7f0755c5110aa9c
                                                                                                                                                                            • Instruction ID: 196b5af426e54b97ebc7ec2ac0e0623473624c41606710a2df2b13877af5b056
                                                                                                                                                                            • Opcode Fuzzy Hash: c1c4d420182f917c390a1029a01017ac6cf99d646fce07a1c7f0755c5110aa9c
                                                                                                                                                                            • Instruction Fuzzy Hash: D1F08C70A61219FBEB119B51DE09FDDBAB8EB00B57F104160F805A20E0CBB88E41DAA5
                                                                                                                                                                            Function 006F8982 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,006F891F,00000064), ref: 006F89A5
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0077742C,00691171,?,006F891F,00000064,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F89AF
                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(00691171,00000000,?,006F891F,00000064,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F89C0
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0077742C,?,006F891F,00000064,?,?,?,0069402B,0077827C,3536BAD2,?,00691171,?), ref: 006F89C7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                            • String ID: ,tw
                                                                                                                                                                            • API String ID: 3269011525-1260666619
                                                                                                                                                                            • Opcode ID: 37241800b0fe74ede9220d7905d4904471f60b306f83d63030eb5d2c83733fb8
                                                                                                                                                                            • Instruction ID: cb3aeda9ce8b591cce3e565fc124730e1ba56576447cf26d68fa03cb77e459a2
                                                                                                                                                                            • Opcode Fuzzy Hash: 37241800b0fe74ede9220d7905d4904471f60b306f83d63030eb5d2c83733fb8
                                                                                                                                                                            • Instruction Fuzzy Hash: 26E0D832608268FFDB152B54EC08AAE3F2DFF08B92B00C060F50D531A1CBB90810CBDA
                                                                                                                                                                            Function 007103F2 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00712174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006F872D,?,?,0068A1ED,0000002C,3536BAD2), ref: 007121A6
                                                                                                                                                                            • _free.LIBCMT ref: 00710501
                                                                                                                                                                            • _free.LIBCMT ref: 00710518
                                                                                                                                                                            • _free.LIBCMT ref: 00710535
                                                                                                                                                                            • _free.LIBCMT ref: 00710550
                                                                                                                                                                            • _free.LIBCMT ref: 00710567
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3033488037-0
                                                                                                                                                                            • Opcode ID: d6cef79087d9318687f44845636207aad20310071915a5b2eb4f58ae340b9eec
                                                                                                                                                                            • Instruction ID: e45682c03f159c9ffbab23f3d49454d27c9b86301979859234253b5c015d0960
                                                                                                                                                                            • Opcode Fuzzy Hash: d6cef79087d9318687f44845636207aad20310071915a5b2eb4f58ae340b9eec
                                                                                                                                                                            • Instruction Fuzzy Hash: 8651B271A00704DFDB20DF2DD841AAA77F5EF48720B140669E809D7290E7B9EAD1CF90
                                                                                                                                                                            Function 006E43F0 Relevance: 7.6, APIs: 5, Instructions: 76COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006E43F7
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006E4401
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006E4452
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006E4472
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006E447F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                            • Opcode ID: e940df4d7ca82ccccde4cce2f6f7163330bfccd404d18888d4d95f30fb55924e
                                                                                                                                                                            • Instruction ID: c1ca6047700ff72d8cfc63cf9b7d13bdb05fd56feb8ca6ffa488c4a1820e7042
                                                                                                                                                                            • Opcode Fuzzy Hash: e940df4d7ca82ccccde4cce2f6f7163330bfccd404d18888d4d95f30fb55924e
                                                                                                                                                                            • Instruction Fuzzy Hash: 3611B1326053699BCB04ABA59805BAEB7A7EF40710F14405DFA04A73D1DF749A41C798
                                                                                                                                                                            Function 006E7579 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Maklocstr$Maklocchr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2020259771-0
                                                                                                                                                                            • Opcode ID: 927bf28b25c694b964b5c7b89b7f3fb2b56a1954df49a679c11714695b69565b
                                                                                                                                                                            • Instruction ID: ab7511455f44c1fb87e28946b790491f16870a2a9674b44b025716292f061afc
                                                                                                                                                                            • Opcode Fuzzy Hash: 927bf28b25c694b964b5c7b89b7f3fb2b56a1954df49a679c11714695b69565b
                                                                                                                                                                            • Instruction Fuzzy Hash: AF119EB1508B847BE720DBA68881F52B7EDFF09310F04492AF285CBA40E765FC5487A9
                                                                                                                                                                            Function 006F459F Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F45A6
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F45B0
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F4601
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F4621
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F462E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                            • Opcode ID: 098a5245f164c407b28676a62adf00a612ddb88ac4be65c3a323f144a6618156
                                                                                                                                                                            • Instruction ID: 66bf84210437195fcab9b3383b1a202d0325ae08f4cd86da4de44abfe059f7c1
                                                                                                                                                                            • Opcode Fuzzy Hash: 098a5245f164c407b28676a62adf00a612ddb88ac4be65c3a323f144a6618156
                                                                                                                                                                            • Instruction Fuzzy Hash: 08016D359002699BCB05EBA4C855ABEB767AF80B10F24411DF514AB391DF749E41CB98
                                                                                                                                                                            Function 006F4634 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F463B
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F4645
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F4696
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F46B6
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F46C3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                            • Opcode ID: 0bb4292ab1357b62b50deaec2680a2ee537e06e67c02473e810f26084afd68cf
                                                                                                                                                                            • Instruction ID: 01b99cce49c6bb77a1aac4558c8282de00ea92c726fe91c3d21e000ad6c758a2
                                                                                                                                                                            • Opcode Fuzzy Hash: 0bb4292ab1357b62b50deaec2680a2ee537e06e67c02473e810f26084afd68cf
                                                                                                                                                                            • Instruction Fuzzy Hash: E301C0319002699BCB04EB64C855ABEB7A7BF80710F24410DFA14AB3D1DF749E40CB88
                                                                                                                                                                            Function 006F47F3 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F47FA
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F4804
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F4855
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F4875
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F4882
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                            • Opcode ID: 0ff62fee6888ad8c75cae8edfe8e27bb98f975edb114f7a1ff5b8b84ba818b80
                                                                                                                                                                            • Instruction ID: f919b81f914cf16c31966a4b731d4c6036a3826d78f240c6c72d198916fac85c
                                                                                                                                                                            • Opcode Fuzzy Hash: 0ff62fee6888ad8c75cae8edfe8e27bb98f975edb114f7a1ff5b8b84ba818b80
                                                                                                                                                                            • Instruction Fuzzy Hash: 7301C4319042A99BCB08EB64C855AFE7777BF80750F24411CE6206B381DF78DE41C784
                                                                                                                                                                            Function 006F4888 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 006F488F
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006F4899
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::_Lockit.LIBCPMT ref: 00682D30
                                                                                                                                                                              • Part of subcall function 00682D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00682D4C
                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 006F48EA
                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 006F490A
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006F4917
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                            • Opcode ID: f3fc870ff613a04b2a7282e756792f627a46c853dfde6c421d0bc91cecab1661
                                                                                                                                                                            • Instruction ID: e9ecba412db79371e5a29dc555e56d6e2fd0843ddad22eb8f95994925b081210
                                                                                                                                                                            • Opcode Fuzzy Hash: f3fc870ff613a04b2a7282e756792f627a46c853dfde6c421d0bc91cecab1661
                                                                                                                                                                            • Instruction Fuzzy Hash: 6201C43190026A9BCF04EBA4C855ABE77A7AF80710F14454DE5146B781DF749E05CB88
                                                                                                                                                                            Function 0071B487 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 0071B49F
                                                                                                                                                                              • Part of subcall function 00712098: RtlFreeHeap.NTDLL(00000000,00000000,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?), ref: 007120AE
                                                                                                                                                                              • Part of subcall function 00712098: GetLastError.KERNEL32(?,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?,?), ref: 007120C0
                                                                                                                                                                            • _free.LIBCMT ref: 0071B4B1
                                                                                                                                                                            • _free.LIBCMT ref: 0071B4C3
                                                                                                                                                                            • _free.LIBCMT ref: 0071B4D5
                                                                                                                                                                            • _free.LIBCMT ref: 0071B4E7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: e0e67dcf47ff5968b6e84cd7087532daf2a0605e8d25df0538a15daa2c6c5b4f
                                                                                                                                                                            • Instruction ID: 1169bbc76352d66de5b5cc0e8ac9ca38bb16fb37bfb25f5a12ce1766392689f5
                                                                                                                                                                            • Opcode Fuzzy Hash: e0e67dcf47ff5968b6e84cd7087532daf2a0605e8d25df0538a15daa2c6c5b4f
                                                                                                                                                                            • Instruction Fuzzy Hash: FCF0FF72504744EBCB30DB6CF985C9673DDEA047107A48815F44AD7682C76CFDC18654
                                                                                                                                                                            Function 006D0720 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 19COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 006D0743
                                                                                                                                                                            • CloseHandle failed: %d, xrefs: 006D0737
                                                                                                                                                                            • NWebAdvisor::CCabParser::Close, xrefs: 006D073E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                            • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                            • API String ID: 918212764-1823807987
                                                                                                                                                                            • Opcode ID: 5b6139a3cf717846bf58245e45b402e65fbc0f84c775911ff7285792ee558691
                                                                                                                                                                            • Instruction ID: d68b3f46d866902b100504cc0043892c7169e19d87bc76f7df6320dd72dce813
                                                                                                                                                                            • Opcode Fuzzy Hash: 5b6139a3cf717846bf58245e45b402e65fbc0f84c775911ff7285792ee558691
                                                                                                                                                                            • Instruction Fuzzy Hash: 72D02BB0B403242EF7201B28AC0AFE73659DB00720F000A1CB700D21E1E7E5A8408B89
                                                                                                                                                                            Function 006E52EC Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 317COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 006E52F3
                                                                                                                                                                              • Part of subcall function 006ABDF0: std::_Lockit::_Lockit.LIBCPMT ref: 006ABE2F
                                                                                                                                                                              • Part of subcall function 006ABDF0: std::_Lockit::_Lockit.LIBCPMT ref: 006ABE51
                                                                                                                                                                              • Part of subcall function 006ABDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 006ABE71
                                                                                                                                                                              • Part of subcall function 006ABDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 006ABFFC
                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 006E54EF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx$l8]n
                                                                                                                                                                            • API String ID: 3042121994-1176629752
                                                                                                                                                                            • Opcode ID: 9f51d5de1243f20355619628929af2285c756b5a14ef171f2676cd677e9d6601
                                                                                                                                                                            • Instruction ID: ca4a5029e72289c7fd063c60baf0f17eeeb389b9b5e99f1d96652770fd0d77f6
                                                                                                                                                                            • Opcode Fuzzy Hash: 9f51d5de1243f20355619628929af2285c756b5a14ef171f2676cd677e9d6601
                                                                                                                                                                            • Instruction Fuzzy Hash: 79C19030D067C88BDF21DBA5C5507ECBBB3AF55308F2840A9D8876B382DB609D46CB54
                                                                                                                                                                            Function 007251F0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                            • API String ID: 0-4282027825
                                                                                                                                                                            • Opcode ID: 12706f00045b1eec9ab1432b575848e26440f030dab4b28e70cbab88ffa97664
                                                                                                                                                                            • Instruction ID: 4152a38598370928ebe25d8c8d986e40e4dd3ef94a5f6d76673e5cb7fc385dbc
                                                                                                                                                                            • Opcode Fuzzy Hash: 12706f00045b1eec9ab1432b575848e26440f030dab4b28e70cbab88ffa97664
                                                                                                                                                                            • Instruction Fuzzy Hash: DF719FB1D00629DBCF14DFA8D884AEEB7FABF45710F14062DE415E7291E7389940CBA5
                                                                                                                                                                            Function 0068B420 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0068B64C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 323602529-1866435925
                                                                                                                                                                            • Opcode ID: e9dc11eb73593778dd117950627706b49e1ea8930b7f8864a1f234692d117b94
                                                                                                                                                                            • Instruction ID: b88abee6fadfa742d8bcb050d6c20403cfadb54fb5da96142ed5a72ceaded55e
                                                                                                                                                                            • Opcode Fuzzy Hash: e9dc11eb73593778dd117950627706b49e1ea8930b7f8864a1f234692d117b94
                                                                                                                                                                            • Instruction Fuzzy Hash: 5A71ACB1600249DFDB14CF58C984BAAFBF5FF48314F14826EE9149B391D7B9A905CB80
                                                                                                                                                                            Function 00724620 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 159COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 007246E4
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00724728
                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 00724768
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                            • String ID: MCRG
                                                                                                                                                                            • API String ID: 3778923442-1523812224
                                                                                                                                                                            • Opcode ID: f621edc9cfdb3e0750679060d90bdf4b4c1642c781308fb7ee0fcea228965d98
                                                                                                                                                                            • Instruction ID: 0c773052a5e23282a0a5e6ee8757d258acc1b7e011c99cae9dafd9aa0a33bbae
                                                                                                                                                                            • Opcode Fuzzy Hash: f621edc9cfdb3e0750679060d90bdf4b4c1642c781308fb7ee0fcea228965d98
                                                                                                                                                                            • Instruction Fuzzy Hash: 69518D75900219EFDB10DFA8D844B9EBBF9EF49320F148259F925AB3A1DB749904CF90
                                                                                                                                                                            Function 00690490 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006E3D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,006904D5,?,?,3536BAD2), ref: 006E3DAE
                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 006905CC
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006905F6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                            • String ID: generic$unknown error
                                                                                                                                                                            • API String ID: 3868770561-3628847473
                                                                                                                                                                            • Opcode ID: 697d2a64890f64a0e1e353f3ef6566c8278ed1ce695bf00afdd3afc6f6d01b3d
                                                                                                                                                                            • Instruction ID: f0e2749588fd58675fde2efa50f4077e05f3d059b39068b799c2f7ed1b11aa11
                                                                                                                                                                            • Opcode Fuzzy Hash: 697d2a64890f64a0e1e353f3ef6566c8278ed1ce695bf00afdd3afc6f6d01b3d
                                                                                                                                                                            • Instruction Fuzzy Hash: 7041D4B19003459FEF20AF68C945BAFBBFAEF44710F10062EE556D7781D7B895048BA1
                                                                                                                                                                            Function 0070EA12 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                            • API String ID: 0-3735944817
                                                                                                                                                                            • Opcode ID: fcb12d1f6703855c5fd98c657ffc83d46c88a07f9be280467c9f732b564d77c9
                                                                                                                                                                            • Instruction ID: 78ce18e04fe945f4f1909bb36529f0d20a0a53814b4104e83f44468f77ea2f39
                                                                                                                                                                            • Opcode Fuzzy Hash: fcb12d1f6703855c5fd98c657ffc83d46c88a07f9be280467c9f732b564d77c9
                                                                                                                                                                            • Instruction Fuzzy Hash: 0631D5B1A40208EFCB21DF99DC85DAEBBF9FB88310B144666E505D7290D7B89A44CB50
                                                                                                                                                                            Function 00684A4A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: H_prolog3_
                                                                                                                                                                            • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                            • API String ID: 2427045233-3897642808
                                                                                                                                                                            • Opcode ID: 54c82bf9ebf8152a37713043635af41e17dd5e498dee97b7c256d62f8f9e9326
                                                                                                                                                                            • Instruction ID: 83eb2f6e2039fb49d4c8a312c240bdb943ca60d673041413a90d550283b29e28
                                                                                                                                                                            • Opcode Fuzzy Hash: 54c82bf9ebf8152a37713043635af41e17dd5e498dee97b7c256d62f8f9e9326
                                                                                                                                                                            • Instruction Fuzzy Hash: 814193B0D00209DFCB08EFA4D895AEDBBB5FF08314F14426DE805A7381DB749A4ACB55
                                                                                                                                                                            Function 006F2F50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 006F2F57
                                                                                                                                                                              • Part of subcall function 006E7DF0: __EH_prolog3.LIBCMT ref: 006E7DF7
                                                                                                                                                                              • Part of subcall function 006E7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 006E7E01
                                                                                                                                                                              • Part of subcall function 006E7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 006E7E72
                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 006F2FF3
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                            • String ID: %.0Lf$0123456789-
                                                                                                                                                                            • API String ID: 2544715827-3094241602
                                                                                                                                                                            • Opcode ID: 58ce56ed529941f91c1f3a3d124c595286167f8f51c94217cfa1eec3c4e06325
                                                                                                                                                                            • Instruction ID: c34ef14338f5762946e4155738c6439cf0df5a6b0c5b206403b8e4b5a9d2be3c
                                                                                                                                                                            • Opcode Fuzzy Hash: 58ce56ed529941f91c1f3a3d124c595286167f8f51c94217cfa1eec3c4e06325
                                                                                                                                                                            • Instruction Fuzzy Hash: EB418C7190121DDFCF15DFA4C880AEEBBB6FF08314F1001AAE911AB251DB30DA56CBA5
                                                                                                                                                                            Function 006F3200 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 006F3207
                                                                                                                                                                              • Part of subcall function 006832DE: __EH_prolog3_GS.LIBCMT ref: 006832E5
                                                                                                                                                                              • Part of subcall function 006832DE: std::_Lockit::_Lockit.LIBCPMT ref: 006832F2
                                                                                                                                                                              • Part of subcall function 006832DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00683360
                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 006F32A3
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                            • API String ID: 3328206922-2494171821
                                                                                                                                                                            • Opcode ID: b099e67b52212e2850414a3de6c757fee43665e6ca856dd61aecec1834417b80
                                                                                                                                                                            • Instruction ID: 8458b8f7febeddb0d26b9ed0a2b2b869849ede6cd86e1cf13e33c80ecdcc47b5
                                                                                                                                                                            • Opcode Fuzzy Hash: b099e67b52212e2850414a3de6c757fee43665e6ca856dd61aecec1834417b80
                                                                                                                                                                            • Instruction Fuzzy Hash: 6C416C7190022DDFCF45EFE4C884AEDBBB6FF08310F1001A9E911AB255DB309A56CBA5
                                                                                                                                                                            Function 006F7470 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 006F7477
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::_Lockit.LIBCPMT ref: 006AC995
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::_Lockit.LIBCPMT ref: 006AC9B7
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::~_Lockit.LIBCPMT ref: 006AC9D7
                                                                                                                                                                              • Part of subcall function 006AC960: std::_Lockit::~_Lockit.LIBCPMT ref: 006ACAB1
                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 006F7511
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                            • API String ID: 3042121994-2494171821
                                                                                                                                                                            • Opcode ID: 220ed0b5600e320948e53f84b2d22d105035c428b07b6ea363174aa217444a2f
                                                                                                                                                                            • Instruction ID: ec258658ed9394af7f6bf1229575c6039d8aec6503d4185000b3c7787849892a
                                                                                                                                                                            • Opcode Fuzzy Hash: 220ed0b5600e320948e53f84b2d22d105035c428b07b6ea363174aa217444a2f
                                                                                                                                                                            • Instruction Fuzzy Hash: 45416C7190120DDFCF05EFA8D881AEEBBB6FF04310F5001A9FA11AB251DB359A16CB55
                                                                                                                                                                            Function 00697156 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006A4B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006A521E
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697D3D
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00697DC8
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                            • String ID: Failed to add event category ($V
                                                                                                                                                                            • API String ID: 2287862619-1647955383
                                                                                                                                                                            • Opcode ID: 62342c2a8460c00caa27a1f34addeff0bb290cdb2dbc8eda4614e215059389db
                                                                                                                                                                            • Instruction ID: 194fb15313b84194c3996b6f84b77d816123b6ee17dbada086b1927741bc687c
                                                                                                                                                                            • Opcode Fuzzy Hash: 62342c2a8460c00caa27a1f34addeff0bb290cdb2dbc8eda4614e215059389db
                                                                                                                                                                            • Instruction Fuzzy Hash: D131A070910248CFDF04EFA0D856BED7BB6EF55304F5040ADE8065B242EB79AA09CF66
                                                                                                                                                                            Function 0069A7DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,3536BAD2,?,?), ref: 0069A531
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 0069A7EC
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069A989
                                                                                                                                                                              • Part of subcall function 0069F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069F268
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unexpected return value: , xrefs: 0069A8CC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                            • String ID: Unexpected return value:
                                                                                                                                                                            • API String ID: 1703231451-3613193034
                                                                                                                                                                            • Opcode ID: 743bf499eb391fe9141f30573100f4d2aa7096b3603e1eb3c7c5ea7fed4d363b
                                                                                                                                                                            • Instruction ID: 1145a345cedec7a0f571336523142af09d2f8483801c8730d8a753db38860a6a
                                                                                                                                                                            • Opcode Fuzzy Hash: 743bf499eb391fe9141f30573100f4d2aa7096b3603e1eb3c7c5ea7fed4d363b
                                                                                                                                                                            • Instruction Fuzzy Hash: FF21B470A012089BDF14EFE4CD49AECB77BAF45314F104298E411AB6D1DB349A46CB56
                                                                                                                                                                            Function 00697052 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceBeginInitialize.KERNEL32(007780C4,00000000,3536BAD2,00000000,3536BAD2,0068A219,007780CC,?,?,?,?,?,?,0068A219,?,?), ref: 00689BE5
                                                                                                                                                                              • Part of subcall function 00689BB0: InitOnceComplete.KERNEL32(007780C4,00000000,00000000), ref: 00689C1D
                                                                                                                                                                              • Part of subcall function 00689940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00689A12
                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00697D3D
                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00697DC8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                            • String ID: P$Service has not been initialized
                                                                                                                                                                            • API String ID: 920826028-2917841385
                                                                                                                                                                            • Opcode ID: 976590b01282b18abd637df02b6da83a3b65db0d39da4fda663a8151d33c4e7f
                                                                                                                                                                            • Instruction ID: 12fb7c027543711ebcfc6577fab32294d6be72826c4b7e56274c859d1ab2387f
                                                                                                                                                                            • Opcode Fuzzy Hash: 976590b01282b18abd637df02b6da83a3b65db0d39da4fda663a8151d33c4e7f
                                                                                                                                                                            • Instruction Fuzzy Hash: 49018471A142488FDF44EFA0D852BED777AAF55310F5081ADF80217281EB79A60DCF69
                                                                                                                                                                            Function 0068308E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00683095
                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 006830A2
                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006830DF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                            • API String ID: 4089677319-1405518554
                                                                                                                                                                            • Opcode ID: c77cd2063bbc9ae1e91a3ffe4f6fbb084b3a17bbbd083348d1c70efff1a6b2bb
                                                                                                                                                                            • Instruction ID: c3de75de20f3a82d3daef229819d3733427e176b39794bdbf5cee46354445c47
                                                                                                                                                                            • Opcode Fuzzy Hash: c77cd2063bbc9ae1e91a3ffe4f6fbb084b3a17bbbd083348d1c70efff1a6b2bb
                                                                                                                                                                            • Instruction Fuzzy Hash: F5016271406B94DEC770DF7A848154AFEE1BF28700B508A6EE18E87B41CB70A604CB5E
                                                                                                                                                                            Function 007124F8 Relevance: 6.3, APIs: 4, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                            • Opcode ID: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                            • Instruction ID: 23e52a439beba0ab4be1efc418b59c6559620c84d6ab009cfeae375ff2ab2a15
                                                                                                                                                                            • Opcode Fuzzy Hash: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                            • Instruction Fuzzy Hash: 2AB145329042859FDB15CF2CC8917EEBBE6EF55350F2440A9E9519B2C3D63C9DA2CB60
                                                                                                                                                                            Function 00722AF0 Relevance: 6.2, APIs: 4, Instructions: 173COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0068463F: GetProcessHeap.KERNEL32(?,?,?,006AC2E1,?,?,?,3536BAD2,?,00000000), ref: 00684676
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 00722BF4
                                                                                                                                                                              • Part of subcall function 006A75F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00722B5D,?,00000000), ref: 006A7628
                                                                                                                                                                              • Part of subcall function 006A75F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28), ref: 006A7636
                                                                                                                                                                              • Part of subcall function 006A75F0: LockResource.KERNEL32(00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 006A7641
                                                                                                                                                                              • Part of subcall function 006A75F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28), ref: 006A764F
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00722B74
                                                                                                                                                                              • Part of subcall function 006A7580: LoadResource.KERNEL32(00000101,00000101,00000000,00000000,80070057,8007000E,80004005,006A8806,00000000,?,00000000,00000002,00000000), ref: 006A7589
                                                                                                                                                                              • Part of subcall function 006A7580: LockResource.KERNEL32(-00000075,00000000,80070057,8007000E,80004005,006A8806,00000000,?,00000000,00000002,00000000), ref: 006A7594
                                                                                                                                                                              • Part of subcall function 006A7580: SizeofResource.KERNEL32(00000101,00000101,?,00000000,00000002,00000000), ref: 006A75A8
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00722BAB
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 00722C2E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2838002939-0
                                                                                                                                                                            • Opcode ID: 06932c723b7ca0c807d91c0ff7488113477e259e6e3dc08651855cec0a0fe663
                                                                                                                                                                            • Instruction ID: ab57e60bd019a653a10096bf3c6f69c85c6814d4fd7a059b5416bdf23b48cddc
                                                                                                                                                                            • Opcode Fuzzy Hash: 06932c723b7ca0c807d91c0ff7488113477e259e6e3dc08651855cec0a0fe663
                                                                                                                                                                            • Instruction Fuzzy Hash: A451BC70200255BFE7248F28DC89F2AB7E9EF54710F20465DF6419B2D2EBB8A941CB65
                                                                                                                                                                            Function 006FC0E1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: 2af152744021d0ad7e92626e032c7a946d7e4d0f2d17bf11a3a4b934d450b4c7
                                                                                                                                                                            • Instruction ID: 30699289bd3ff30231e017889a1356f852672c676d0536d5e51084114e8fc5f3
                                                                                                                                                                            • Opcode Fuzzy Hash: 2af152744021d0ad7e92626e032c7a946d7e4d0f2d17bf11a3a4b934d450b4c7
                                                                                                                                                                            • Instruction Fuzzy Hash: 1251E3B260020EDFEB29DF98CA41BBA73A6FF45324F14412DEE0597292D731AD51C790
                                                                                                                                                                            Function 00713531 Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c4fc09152f71046475dac2581dfd1757312cf93e2184cd71425a51572fdc4c16
                                                                                                                                                                            • Instruction ID: 6e91833c3ade3984fffb899fd8e20f6bf290c1dfa64612174f39b32a400393e3
                                                                                                                                                                            • Opcode Fuzzy Hash: c4fc09152f71046475dac2581dfd1757312cf93e2184cd71425a51572fdc4c16
                                                                                                                                                                            • Instruction Fuzzy Hash: 3741D9B1A00704FFD7249F7CC846BAABBA6EF84B10F104529F111DB3C1D779AA918780
                                                                                                                                                                            Function 006AEBA0 Relevance: 6.1, APIs: 4, Instructions: 90registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 006AEBCB
                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 006AEC28
                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 006AEC4F
                                                                                                                                                                              • Part of subcall function 006AEBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 006AEC7E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseEnumOpenSecurity
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 611561417-0
                                                                                                                                                                            • Opcode ID: 0e6533a62f55397e7bd2445f4e2095eb79e2cef88e9ae193e07439501a2089a3
                                                                                                                                                                            • Instruction ID: 3932c178a34b591e2f44c7813a957eb8c26ff11bf4f62e18f2896266dc204a3b
                                                                                                                                                                            • Opcode Fuzzy Hash: 0e6533a62f55397e7bd2445f4e2095eb79e2cef88e9ae193e07439501a2089a3
                                                                                                                                                                            • Instruction Fuzzy Hash: AF31B672A0021CAFDB20AF54DD49FEAB3B9FB08710F0045A5F916E7191DA759E40CF54
                                                                                                                                                                            Function 0070E0E7 Relevance: 6.1, APIs: 4, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 8eb6e597bc3981cec0628186c8e416daa7367931cfcfe94616bf4e52ca50d61c
                                                                                                                                                                            • Instruction ID: 2cb5841f94c5c7126737a711799ff8a68cc6ef3bd418aa08810fe38378b2166a
                                                                                                                                                                            • Opcode Fuzzy Hash: 8eb6e597bc3981cec0628186c8e416daa7367931cfcfe94616bf4e52ca50d61c
                                                                                                                                                                            • Instruction Fuzzy Hash: ED21BB7120420DEFEB20AB64CC8597B77EEAF443A47148A28F925CB1D1E738EC4187A0
                                                                                                                                                                            Function 006A75F0 Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 006F987E: EnterCriticalSection.KERNEL32(007777A0,?,00000101,?,006A86A7,00000000,?,00000101,?,00000000,?,?,006AC338,-00000010), ref: 006F9889
                                                                                                                                                                              • Part of subcall function 006F987E: LeaveCriticalSection.KERNEL32(007777A0,?,006A86A7,00000000,?,00000101,?,00000000,?,?,006AC338,-00000010,?,?,?,3536BAD2), ref: 006F98B5
                                                                                                                                                                            • FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00722B5D,?,00000000), ref: 006A7628
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28), ref: 006A7636
                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 006A7641
                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00722B5D,?,00000000,?,?,?,?,?,0072FB28), ref: 006A764F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 529824247-0
                                                                                                                                                                            • Opcode ID: 3ccc5e77eead08a45fd416c8d5cbd0dde953feb4eb426bf37b7aad12b87fc75f
                                                                                                                                                                            • Instruction ID: 7570f2b5e4989e755c85645610895ce378a5b23e156ff9f54d84f4295503436c
                                                                                                                                                                            • Opcode Fuzzy Hash: 3ccc5e77eead08a45fd416c8d5cbd0dde953feb4eb426bf37b7aad12b87fc75f
                                                                                                                                                                            • Instruction Fuzzy Hash: 541138326087124BE7396F1C9C84B7BB79ADBD2392F20193DF95683390EB65CC018A64
                                                                                                                                                                            Function 00721647 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteConsoleW.KERNEL32(006B860A,3536BAD2,0076C218,00000000,006B860A,?,0071F9C7,006B860A,00000001,006B860A,006B860A,?,00715B42,00000000,?,006B860A), ref: 0072165E
                                                                                                                                                                            • GetLastError.KERNEL32(?,0071F9C7,006B860A,00000001,006B860A,006B860A,?,00715B42,00000000,?,006B860A,00000000,006B860A,?,00716096,006B860A), ref: 0072166A
                                                                                                                                                                              • Part of subcall function 00721630: CloseHandle.KERNEL32(FFFFFFFE,0072167A,?,0071F9C7,006B860A,00000001,006B860A,006B860A,?,00715B42,00000000,?,006B860A,00000000,006B860A), ref: 00721640
                                                                                                                                                                            • ___initconout.LIBCMT ref: 0072167A
                                                                                                                                                                              • Part of subcall function 007215F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0072161F,0071F9B4,006B860A,?,00715B42,00000000,?,006B860A,00000000), ref: 00721603
                                                                                                                                                                            • WriteConsoleW.KERNEL32(006B860A,3536BAD2,0076C218,00000000,?,0071F9C7,006B860A,00000001,006B860A,006B860A,?,00715B42,00000000,?,006B860A,00000000), ref: 0072168F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                            • Opcode ID: b346f5ec66bcfee59bbc762dabd58f0f9ded43972d08a96e9581d780aaa839a2
                                                                                                                                                                            • Instruction ID: 09be0ad0ddd5334fc8be719395b915aef605192f0760dbacdde6d3bbddb6a4d0
                                                                                                                                                                            • Opcode Fuzzy Hash: b346f5ec66bcfee59bbc762dabd58f0f9ded43972d08a96e9581d780aaa839a2
                                                                                                                                                                            • Instruction Fuzzy Hash: 18F01536401129BBCF222F91EC09A9E3F26FB593A1F488450FA0985160CA3A8920DF94
                                                                                                                                                                            Function 0070F540 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 0070F549
                                                                                                                                                                              • Part of subcall function 00712098: RtlFreeHeap.NTDLL(00000000,00000000,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?), ref: 007120AE
                                                                                                                                                                              • Part of subcall function 00712098: GetLastError.KERNEL32(?,?,0071B729,?,00000000,?,?,?,0071B9CC,?,00000007,?,?,0071BDD6,?,?), ref: 007120C0
                                                                                                                                                                            • _free.LIBCMT ref: 0070F55C
                                                                                                                                                                            • _free.LIBCMT ref: 0070F56D
                                                                                                                                                                            • _free.LIBCMT ref: 0070F57E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: 734991a799e83427cc9feef449ad9c2076b77346660a43151ca3e66eda886929
                                                                                                                                                                            • Instruction ID: adf6daf2c16db00470e9b5a4d656883aac8b30f3167821132d6b0ea6b248ef85
                                                                                                                                                                            • Opcode Fuzzy Hash: 734991a799e83427cc9feef449ad9c2076b77346660a43151ca3e66eda886929
                                                                                                                                                                            • Instruction Fuzzy Hash: EDE04670884620DA8B632F38FC094993B29A71D7903748106F40C06332DF3E02EEDBAA
                                                                                                                                                                            Function 00724440 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00722AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00722B74
                                                                                                                                                                              • Part of subcall function 00722AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00722BAB
                                                                                                                                                                              • Part of subcall function 00722AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 00722C2E
                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 0072453C
                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 00724598
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                            • String ID: MCRG
                                                                                                                                                                            • API String ID: 2178413835-1523812224
                                                                                                                                                                            • Opcode ID: 87a51bd94dd637e37d8f15dd6e5686dfec811adc722338fb834da487182d64ab
                                                                                                                                                                            • Instruction ID: 735affb7a444c54660ab9bb4ca6f70a586de54bffc104acb143a19ddc2ecb9e7
                                                                                                                                                                            • Opcode Fuzzy Hash: 87a51bd94dd637e37d8f15dd6e5686dfec811adc722338fb834da487182d64ab
                                                                                                                                                                            • Instruction Fuzzy Hash: CE616871A00648EFDB01CFA9D844B9EFBF5EF49320F148259F815AB2A1DB75A905CF90
                                                                                                                                                                            Function 006A71C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A7362
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 006A7367
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: 'mj
                                                                                                                                                                            • API String ID: 118556049-3212252379
                                                                                                                                                                            • Opcode ID: 4c6f53460f6d5ad7a4b18c009dfde5694ce4038ef6de7610c668fc152d535a9d
                                                                                                                                                                            • Instruction ID: 2880cbe637c8a917b31ef1aa103a80fe4036e966f0ee1d86692ce9f2fd266b70
                                                                                                                                                                            • Opcode Fuzzy Hash: 4c6f53460f6d5ad7a4b18c009dfde5694ce4038ef6de7610c668fc152d535a9d
                                                                                                                                                                            • Instruction Fuzzy Hash: 8E51C1B19086058FDB28EF28C94176EB7F6EF49300F110A2EE45A97791DB31EA44CB95
                                                                                                                                                                            Function 006FC6E2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 006FC707
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                            • Opcode ID: 4c1221c66c2bbe23a9a5d3dbb36e162fcb2ab705d2e2387288a2a8268facc8e7
                                                                                                                                                                            • Instruction ID: bd75f3ee17bfea029372f4303fb2a0a5bda7f29a41202cb691b5cc559634cfef
                                                                                                                                                                            • Opcode Fuzzy Hash: 4c1221c66c2bbe23a9a5d3dbb36e162fcb2ab705d2e2387288a2a8268facc8e7
                                                                                                                                                                            • Instruction Fuzzy Hash: ED41147290020DAFCF16EF98CE81AEEBBB6BF48310F148199FA14A7251D3359950DF90
                                                                                                                                                                            Function 00712E58 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free
                                                                                                                                                                            • String ID: P|w$T|w
                                                                                                                                                                            • API String ID: 269201875-2158341068
                                                                                                                                                                            • Opcode ID: 980635f2aa18f02091d5de4fdc71d6bf84f56904747d98e09ff7ec0d9f9cd43f
                                                                                                                                                                            • Instruction ID: 96b0b6496d8f4432658fa64afc1f571005efe7f42cae5c1945640368870a348a
                                                                                                                                                                            • Opcode Fuzzy Hash: 980635f2aa18f02091d5de4fdc71d6bf84f56904747d98e09ff7ec0d9f9cd43f
                                                                                                                                                                            • Instruction Fuzzy Hash: BB118171104302DBE7249F2DD889A92B7E8EB14764F30442EE489D72C3E779E8D68754
                                                                                                                                                                            Function 006F8367 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006F904B
                                                                                                                                                                            • ___raise_securityfailure.LIBCMT ref: 006F9133
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                            • String ID: Xtw
                                                                                                                                                                            • API String ID: 3761405300-417136247
                                                                                                                                                                            • Opcode ID: 294dfe0894511815d4c633afc34c687d4696347b23618796a5617b3744da2e55
                                                                                                                                                                            • Instruction ID: cff80d91b093172b212b89ded83707d367054f18facc3ff26be10e7a9afe2eb0
                                                                                                                                                                            • Opcode Fuzzy Hash: 294dfe0894511815d4c633afc34c687d4696347b23618796a5617b3744da2e55
                                                                                                                                                                            • Instruction Fuzzy Hash: 8D21A0B4608344DAD718CF19FD86A503BA4BB18798F60D06AE50DCB3B0E7B865E1CF59
                                                                                                                                                                            Function 00726290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58registryCOMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00722AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00722B74
                                                                                                                                                                              • Part of subcall function 00722AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00722BAB
                                                                                                                                                                              • Part of subcall function 00722AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0072FB28,000000FF), ref: 00722C2E
                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,?,00000100,%`r,?,00000000,?,?,?,00726025,?,00000100,00000000,00000100), ref: 007262BB
                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,%`r,00000100,00000000,00000100), ref: 007262F9
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiQueryValueWide$FindResource
                                                                                                                                                                            • String ID: %`r
                                                                                                                                                                            • API String ID: 3794624133-439428782
                                                                                                                                                                            • Opcode ID: de97740fc78f9d9dcf9c358e23002525c09094d6a94405ea55dcbc6a17f568dd
                                                                                                                                                                            • Instruction ID: a4385616c8ed33fbbadf12515729d8755bd63cf58eb0209828daf6d79c25dc74
                                                                                                                                                                            • Opcode Fuzzy Hash: de97740fc78f9d9dcf9c358e23002525c09094d6a94405ea55dcbc6a17f568dd
                                                                                                                                                                            • Instruction Fuzzy Hash: 8C11C171500209FFEB019F58CC45F9ABB65FF08360F148165FC08972A1D7769D20DB90
                                                                                                                                                                            Function 006AE5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • CLSIDFromString.OLE32(0000007B,?), ref: 006AE650
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FromString
                                                                                                                                                                            • String ID: @${
                                                                                                                                                                            • API String ID: 1694596556-3118734784
                                                                                                                                                                            • Opcode ID: 6a4ce493fddb8caa12a0761feace5ccdf0868d15a255520ab1e3b18e368ea738
                                                                                                                                                                            • Instruction ID: 9c1deda09dab930178f2ff4191d5506034ffd09b52bff8a71a16678b0c096281
                                                                                                                                                                            • Opcode Fuzzy Hash: 6a4ce493fddb8caa12a0761feace5ccdf0868d15a255520ab1e3b18e368ea738
                                                                                                                                                                            • Instruction Fuzzy Hash: 9C0169316002189BDB14DF59D904BDEB3B9FF59710F40819EF945E7150DE74AE84CB94
                                                                                                                                                                            Function 0071564E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0071ACE1: EnterCriticalSection.KERNEL32(?,?,0071F56B,?,0076C6E0,00000010,00714ED0,00000000,05D1745D,00000004,00000000,00000016,?,00000003), ref: 0071ACFC
                                                                                                                                                                            • FlushFileBuffers.KERNEL32(00000000,0076C518,0000000C,00715755,JOp,?,00000003,00000003,00704F4A,?,00000003), ref: 00715697
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 007156A8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                                                                                                                            • String ID: JOp
                                                                                                                                                                            • API String ID: 4109680722-2779313138
                                                                                                                                                                            • Opcode ID: 27f4392af6d9656864d57e75b3e8cb55d97514ccfd915df510e56b36dcb0b019
                                                                                                                                                                            • Instruction ID: e68f056f4b4265e95acc8987146f7e119d6cbc7586a8f425f167ee61ea2366a0
                                                                                                                                                                            • Opcode Fuzzy Hash: 27f4392af6d9656864d57e75b3e8cb55d97514ccfd915df510e56b36dcb0b019
                                                                                                                                                                            • Instruction Fuzzy Hash: BC01D272A01204DFD714EFACD80969D7BA5EF89720F10411AF411DB2E1DB78E942CB94
                                                                                                                                                                            Function 006F9146 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006F9151
                                                                                                                                                                            • ___raise_securityfailure.LIBCMT ref: 006F920E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                            • String ID: Xtw
                                                                                                                                                                            • API String ID: 3761405300-417136247
                                                                                                                                                                            • Opcode ID: 95b414b817ea70a4eaf8e4497b0d61b21aab0b81a1644d8688cd578e933a6998
                                                                                                                                                                            • Instruction ID: dce50fa4dd137003d5ac610564c7cd24b1ab50a584bc90394b3384c0b5cad062
                                                                                                                                                                            • Opcode Fuzzy Hash: 95b414b817ea70a4eaf8e4497b0d61b21aab0b81a1644d8688cd578e933a6998
                                                                                                                                                                            • Instruction Fuzzy Hash: D7119FB46183489ED718CF19FD816403BA5BB08788B10D06AE80CC7370E778A5E5CF59
                                                                                                                                                                            Function 006E2743 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                            APIs
                                                                                                                                                                            • DloadGetSRWLockFunctionPointers.DELAYIMP ref: 006E2743
                                                                                                                                                                              • Part of subcall function 006E26D0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,006E2748,006E28F1), ref: 006E26E7
                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,006E28F1), ref: 006E2760
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000005.00000002.3391570446.0000000000671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                            • Associated: 00000005.00000002.3391480842.0000000000670000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391729274.000000000076F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391782178.0000000000774000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391877051.0000000000776000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            • Associated: 00000005.00000002.3391935004.0000000000779000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_5_2_670000_saBSI.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lock$AcquireDloadExclusiveFunctionHandleModulePointers
                                                                                                                                                                            • String ID: 8ow
                                                                                                                                                                            • API String ID: 3692202576-4181589709
                                                                                                                                                                            • Opcode ID: acbf311f1f6647d41827031df149a9416564d102c552ff552b9aaae03967f0b6
                                                                                                                                                                            • Instruction ID: 792f9c8f227d53e42b84eedce99daebb8d05635613de3d8ee86534d18648a0ef
                                                                                                                                                                            • Opcode Fuzzy Hash: acbf311f1f6647d41827031df149a9416564d102c552ff552b9aaae03967f0b6
                                                                                                                                                                            • Instruction Fuzzy Hash: B1E0C230332793474F146B27BEA49AA274FAB417853004079E50AD3398DA188CC2CA84